RE: RBL-type BGP service for known rogue networks?

[Karyn Ulriksen <kulriksen () publichost com>]

Do you think that the car thief scenario comes into play here?  Maybe an
alarm system wont *really* keep a determined thief from stealing a car, but
isn't he more likely to move onto something easier?

And, yes, I do understand the mentality of the "bigger challenge".  But,
I've been able to identify the true source of a forged packet and filter it
knowing that they could switch to attacking from another IP.  However, I
think only once or twice out of thirty or so incidents over the past few
years have they come back in anytime soon from anywhere else.

Karyn

-----Original Message-----
From: jlewis () lewis org [mailto:jlewis () lewis org]
Sent: Thursday, July 06, 2000 2:35 PM
To: Dan Hollis
Cc: nanog () merit edu
Subject: Re: RBL-type BGP service for known rogue networks?



On Thu, 6 Jul 2000, Dan Hollis wrote:

> 1) Someone sets up server X on company Y network and starts rooting sites.
> 2) company Y, once notified, refuses to shut down server X, even when its
>    been CONFIRMED server X is indeed rooting sites.
> 3) company Y has a HISTORY of such attacks and refuses to take any action.
>
> tin.it obviously fits all 3 criteria and thus would be blackholed. it
> might not get them to change their behaviour, but at least people who
> subscribe to the blackhole list wouldnt be rooted by tin.it customers

Except that any good script kid has root on numerous boxes.  Just blocking
a well known site full of rooted boxes probably won't do much good since
they crack and scan from random boxes all over the world as they root
them.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________