nanog mailing list archives
RE: RBL-type BGP service for known rogue networks?
From: rdobbins () netmore net
Date: Fri, 7 Jul 2000 17:21:56 -0700
Sure; I see your point. Thing is, though, you don't -have- to make the ACL thing automatic - you can have someone sitting and watching the thing, and triggering it manually after positive identification.

-----Original Message-----
From: John Kristoff [mailto:jtk () depaul edu]
Sent: Friday, July 07, 2000 5:01 PM
To: nanog () merit edu
Subject: Re: RBL-type BGP service for known rogue networks?

rdobbins () netmore net wrote:
> I certainly don't think that intrusion-detection makes sense for the backbones and NAPs and so forth, but when you get closer to the traffic-originator/requestor boundaries of the network, it becomes more feasible, does it not?

Perhaps. It might be less detrimental to the entire Internet community if only an edge customer's dynamic IDS/filtering system went haywire. It then boils down to an organization's design and support philosophy.

Personally, I don't like the idea of messing with packets/streams in transit unless it's route them, drop them (congestion) or mark them (IP ToS bits/DiffServ). There of course may be a few instances where you block an entire netblock (e.g. RFC 1918) or specific ports (e.g. snmp) that are widely known to be insecure or invalid. It seems easier in the long run (harder initially) to secure the end systems.

Maybe I'm just getting used to vendors automatically configuring my network with the routing protocols and I'm not quite ready for automatic ACL definitions based on traffic patterns. :-)

John