Security Incidents mailing list archives

Re: IP Black list? -- NONONONONONONONO!!!


From: mikem () CRAVETECHNOLOGY COM (Michael Merideth)
Date: Mon, 15 May 2000 16:22:43 -0600


I have to chime in and say that I agree with Travis Pugh's post on this
one.  How on earth will it be decided who is "trusted" enough to decide
what IP traffic I should receive?  Hand it over to Paul Vixie?  I don't
think so.  How on earth will it not become a political tool/weapon?  How
on earth will it not become a giant DoS for script kiddies to exploit
and abuse?

Additionally, what happens to privacy on the Internet if all of the
ISP's out there are terrified of being added to such a blackhole list?
I'll tell you what; it goes out the window.  Already ISP's (and
Universities, lest we forget) are becoming more and more draconian in
what they allow their users to do with their connections.  If this
caught on, an ISP has no reasonable choice but to monitor all of the
activities of all of their users (tracking users that closely would also
make them a more likely tool for law enforcement, and not just for
computer crimes).  If they didn't, they'd be constantly finding
themselves negotiating to have blackhole status removed.

The price of freedom is eternal vigilance, and in no arena is this old
saying playing itself out on a daily basis more than on the Internet.
The choice is ultimately between dealing with your own security and
submitting to the scrutiny of persons unknown.  I, for one, will gladly
accept the former.  Lists such as BUGTRAQ and sites like
Securityfocus.COM make it a community effort, and any reasonable sysadmin
can keep up with the information contained there.  If you want to be
ultra-paranoid about portscans, install portsentry.  Don't hand control
of your routers over to some alien organization, no matter how benign
and trustworthy it seems.

My $.02,
Michael Merideth

Adam Kirby wrote:

I think this is a great idea.  I am interested to see how some of the
undeniable implementation issues will be resolved.  In any case, the idea
has my support.

AK

Stuart Staniford <stuart () SILICONDEFENSE COM> 05/11/00 01:55PM >>>
I'm curious to know what folks think of the idea of a real-time blacklist
for misbehaving IP addresses/blocks.  Some reputable person/organization
could maintain it, trusted folks known to the co-ordinator could recommend
IPs to blockade, and then anyone who chose to could implement the list into
router or firewall rules.

We could start by putting demon.co.uk into it until they stop spraying the
world with bad packets and repeating the same lame excuses for why they
still haven't stopped whatever is causing that.  It would also be a good
place to put Korean Universities and schools, etc that constantly scan us
and never respond to complaints.  If use of it became widespread, this
would tend to exert social pressure on bad parts of IP space to clean up
their act.  Their users wouldn't be able to get to lots of parts of the
Internet until they satisfied the blacklist co-ordinator that the problem
was resolved.

Thoughts?

Stuart.

--
Stuart Staniford  ---  President  ---  Silicon Defense
                   stuart () silicondefense com
(707) 445-4355                     (707) 445-4222 (FAX)
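Stuart's proposal has three parts: someone maintains a list, trusted people feed it, and consumers turn it into router or firewall rules. Michael's objection is what happens at the consumer end when the list carries a bad entry. The following is an added illustration, not code from anyone in this thread, of how a consumer could ingest such a feed defensively before generating rules. The feed format (one address or CIDR per line, `#` comments), the sample entries, the "no broader than a /16" limit and the local netblock are all constructed assumptions; the output uses iptables-style syntax only as an example target.

```python
import ipaddress

# Constructed sample feed (not a real list). One address or CIDR per line,
# '#' starts a comment. It deliberately mixes good and hostile entries.
SAMPLE_FEED = """\
# constructed sample blocklist feed (not a real list)
192.0.2.0/24
198.51.100.17
203.0.113.0/25
192.168.5.0/24      # private space: must never appear in a public list
0.0.0.0/0           # over-broad entry: would blackhole the whole Internet
not-an-address
203.0.113.130       # inside our own netblock
198.51.100.17       # duplicate
"""

# Assumed local policy: never block anything broader than a /16.
MAX_PREFIX_SPAN = 16

# Assumed: our own address space, which no feed is allowed to cut off.
LOCAL_NETWORKS = [ipaddress.ip_network("203.0.113.128/25")]

# Non-routable or special-purpose space that a public list should never
# contain; an entry here is a sign the feed is broken or being abused.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def parse_feed(text):
    """Return (accepted_networks, rejected_entries).

    accepted_networks: list of ip_network objects, in feed order.
    rejected_entries:  list of (raw_entry, reason) for everything dropped.
    """
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < MAX_PREFIX_SPAN:
            rejected.append((entry, "too broad"))
            continue
        if any(net.overlaps(r) for r in NEVER_BLOCK):
            rejected.append((entry, "reserved or private"))
            continue
        if any(net.overlaps(local) for local in LOCAL_NETWORKS):
            rejected.append((entry, "overlaps local network"))
            continue
        if net in seen:
            rejected.append((entry, "duplicate"))
            continue
        seen.add(net)
        accepted.append(net)
    return accepted, rejected


def render_rules(networks, chain="blocklist"):
    """Emit one iptables-style DROP rule per accepted network."""
    return [f"-A {chain} -s {net.with_prefixlen} -j DROP" for net in networks]


if __name__ == "__main__":
    ok, bad = parse_feed(SAMPLE_FEED)
    for rule in render_rules(ok):
        print(rule)
    for entry, reason in bad:
        print(f"# rejected {entry!r}: {reason}")
```

The point of the rejection log is operational: an entry that is too broad, private, or overlapping your own space should page a human rather than silently land in the router, because that is exactly the path by which a poisoned or hijacked list becomes the denial of service the thread worries about. Applying the accepted rules to a dedicated chain also makes it easy to flush and rebuild on each feed refresh without touching the rest of the ruleset.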

