nanog mailing list archives
RE: RBL-type BGP service for known rogue networks?
From: Karyn Ulriksen <kulriksen () publichost com>
Date: Thu, 6 Jul 2000 16:23:54 -0700
Do you think that the car thief scenario comes into play here? Maybe an alarm system won't *really* keep a determined thief from stealing a car, but isn't he more likely to move on to something easier? And, yes, I do understand the mentality of the "bigger challenge". But, I've been able to identify the true source of a forged packet and filter it knowing that they could switch to attacking from another IP. However, I think only once or twice out of thirty or so incidents over the past few years have they come back in anytime soon from anywhere else.

Karyn

-----Original Message-----
From: jlewis () lewis org [mailto:jlewis () lewis org]
Sent: Thursday, July 06, 2000 2:35 PM
To: Dan Hollis
Cc: nanog () merit edu
Subject: Re: RBL-type BGP service for known rogue networks?

On Thu, 6 Jul 2000, Dan Hollis wrote:

> 1) Someone sets up server X on company Y network and starts rooting sites.
> 2) company Y, once notified, refuses to shut down server X, even when it's been CONFIRMED server X is indeed rooting sites.
> 3) company Y has a HISTORY of such attacks and refuses to take any action.
>
> tin.it obviously fits all 3 criteria and thus would be blackholed. it might not get them to change their behaviour, but at least people who subscribe to the blackhole list wouldn't be rooted by tin.it customers

Except that any good script kid has root on numerous boxes. Just blocking a well known site full of rooted boxes probably won't do much good since they crack and scan from random boxes all over the world as they root them.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________