Security Incidents mailing list archives
Re: tin.it and others non collaborative isps.
From: bejtlich () ALTAVISTA NET (Richard Bejtlich)
Date: Tue, 11 Jul 2000 10:24:22 -0000
Hello Osvaldo, I believe that blocking ISPs should be a short-term defensive step, usually taken if the offending host finds a vulnerability on your network. Blocking MAY give you enough time to correct the vulnerability, if you have 24x7 real time monitoring and can fix the problem before the black-hat exploits it. On another level, blocking in response to any perceived malicious activity must be weighed against other factors. Determined black-hats laugh at blocking, as they maintain multiple compromised hosts as staging points. Also, one can trivially conduct a decoy attack, causing you to block traffic from completely innocent sites. For these reasons and more, I could not support an IP "black list." I do believe sites which advertise "smurf amplifying networks" are useful, as their scope is limited and the accuracy easily verifiable. Richard Bejtlich -- IMHO it's a good idea if we unite and block ips from ISP's like tin.it. They will collaborate as soon as their clients start to complain that they can't access some address. What about a page that contains all the IPs that we must block and the reasons for that? -- Osvaldo Janeri Filho
Current thread:
- lifestages on IRC, (continued)
- lifestages on IRC Omicron N (Jul 09)
- Re: lifestages on IRC Robert van der Meulen (Jul 10)
- Re: lifestages on IRC Vincent Hillier (Jul 10)
- Re: lifestages on IRC T. H. Haymore (Jul 10)
- lifestages on IRC Omicron N (Jul 09)
- Re: scan log and subsequent response from the host's ISP Forrester, Mike (Jul 07)
- tin.it and others non collaborative isps. Osvaldo Janeri Filho (Jul 07)
- Re: tin.it and others non collaborative isps. Bradley Woodward (Jul 10)
- Some stats of events Henri J. Schlereth (Jul 10)
- Re: tin.it and others non collaborative isps. gabriel rosenkoetter (Jul 10)
- Re: tin.it and others non collaborative isps. Philipp Buehler (Jul 11)
- Re: tin.it and others non collaborative isps. Richard Bejtlich (Jul 11)
- Hostile email mmurray () TAOS COM (Jul 12)
- I Was rooted Andrew Heath (Jul 17)
- Obfuscated URL's in spam Kee Hinckley (Jul 18)
- 85.85.85.85 weirdness Wozz (Jul 18)
- Re: 85.85.85.85 weirdness Pascal Bouchareine (Jul 19)
- Re: 85.85.85.85 weirdness Wozz (Jul 19)
- Re: 85.85.85.85 weirdness Jud (Jul 19)
- msnhome.talkcity.com Dirk Koopman (Jul 21)
- Re: msnhome.talkcity.com Ryan Yagatich (Jul 24)
- Anyone ever heard of "rlumkaus" virus/bug/trojan/backdoor? Litscher, Steven (Jul 21)
- tin.it and others non collaborative isps. Osvaldo Janeri Filho (Jul 07)