nanog mailing list archives
Re: RBL-type BGP service for known rogue networks?
From: "Richard A. Steenbergen" <ras () e-gerbil net>
Date: Thu, 6 Jul 2000 19:44:05 -0400 (EDT)
On Thu, 6 Jul 2000, Dan Hollis wrote:
> On Thu, 6 Jul 2000, Tony Mumm wrote:
> > I think that is similar to what you want....and it might be adequate against scanners and other simple hacks. I don't think it would be worth anything against a flood,
>
> The BL wouldn't try to block floods or DoS attacks. Its aim is to block sites which originate break-ins.

"Script kiddie" sites come in 3 flavors, the script kiddies themselves (dialups or cable modems for the 14 year olds), the "helper sites" aka the sites run by those who are friends of the SKs or associated with them (usually machines on college dorm ethernets or some 18 year old's "linux shell server" business project), and the compromised sites from which attacks are launched. You'd probably have more luck just reporting the security breaches on the hacked machines, I don't know too many places that will take NO action against them assuming you can actually contact them (which can sometimes be extremely difficult to do).

Getting the dialups will not be possible with this kind of a system, DHCP makes it useless, and even sites with static addresses like most cable modems will probably not be politically possible. Sometimes it's difficult to form a proven association between the people behind the mischief and the mischief itself, because after they lose one or two accounts they generally catch on and try not to do it from their direct connections, but it's possible.

The "helper sites" are questionable as well, I don't see this being viable against university connections, and as for the "helper /24s" these are almost always some 18 year old's attempt at a small business by colo'ing a Linux server at some provider, paying a few hundred for a small connection, etc. Most of these places receive as many attacks as they generate (if any), and quickly get tossed by their providers. I can think of very few actual networks who are entirely uncooperative regarding provable issues, certainly not enough to make any kind of impact in the grand scheme of things IMHO.

While spam has an economic motivation which can draw semi-legit networks into "bad" activities, SK stuff generally does not. I think these are the reasons such a blackhole list has never been done.

An unresponsive smurf amplifier blackhole list on the other hand, might be useful... but probably wouldn't have a huge impact either these days...

--
Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)