Re: IP Black list?

[tpugh () SHORE NET (Travis Pugh)]

Perhaps you're reading too much into what I wrote.  MAPS gets people into
political brawls.  An IP blackhole would too, except that it would have
the side effect of allowing me to spoof an nmap and blow someone I don't
like arbitrarily off the net.

-travis

On Mon, 15 May 2000, Paul L Schmehl wrote:

> Since when did ISPs not have the right to blackhole any netblock they want?
> Customers are free to go elsewhere if they don't like the results, but the
> ISP can do whatever it wants.
>
> The market will decide whether their blackholing is commercially viable.
>
> I'm a network engineer too, and global reachability is the *least* of my
> concerns.  We use MAPS and are *very* happy with the amount of traffic our
> users don't have to deal with - the sex scams, the pyramid scheme scams,
> the get-rich-quick scams, etc., etc., etc.
>
> We *will* create a specific exception for a site someone really needs to
> get mail from, but not until they have at least attempted to resolve the
> problem on the other end.  I doubt our network will *ever* be reachable by
> every other network in the world.  Some of them don't deserve to connect to
> us, because they refuse to fix their broken mail servers and they refuse to
> deal with their abusive users.
>
> --On Monday, May 15, 2000 7:29 AM -0400 Travis Pugh <tpugh () SHORE NET> wrote:
>
> > Stuart:  I think this is a particularly dangerous idea, both politically
> > and from a technical standpoint.  It just turns into a game of
> > brinksmanship.
> >
> > For example, there's a little ISP called PilotNet, who claims to offer
> > "secure" internet services.  As part of the package, they tied their IDS
> > to their border routers, and blackhole addresses and blocks if they see
> > port scans or other questionable behavior.  Sadly, this has led to an
> > operational behavior, which all blackholes gravitate toward (sorry*), of
> > shooting first and asking questions later.  My experience with the company
> > is that a single port scan from one of our shell users was enough for them
> > to blackhole the entire subnet, without ever contacting our security
> > department or sending an email.
> >
> > When someone blackholes an address or netblock, they DoS their users,
> > too.  This might be an acceptable level of risk for a corporation, but
> > ISPs could never get away with it.
> >
> > The other issue I see is the same one that has popped up with MAPS and
> > other spam blackholes.  The "reputable person/organization" and "trusted
> > folks" are chosen based on some people's opinions of them, and many others
> > might not agree.  This leads to blackholing based on bias or political
> > disagreement ... not a good thing.
> >
> > Of course, I have my own biases.  I'm a network engineer ... global
> > reachability is more important to me than removing annoying traffic.
> >
> > Thanks.
> >
> > Travis Pugh
> > Shore.Net
> >
> > On Thu, 11 May 2000, Stuart Staniford wrote:
> >
> > > I'm curious to know what folks think of the idea of a real-time blacklist
> > > for misbehaving IP addresses/blocks.  Some reputable person/organization
> > > could maintain it, trusted folks known to the co-ordinator could
> > > recommend IPs to blockade, and then anyone who chose to could implement
> > > the list into router or firewall rules.
> > >
> > > We could start by putting demon.co.uk into it until they stop spraying
> > > the world with bad packets and repeating the same lame excuses for why
> > > they still haven't stopped whatever is causing that.  It would also be a
> > > good place to put Korean Universities and schools, etc that constantly
> > > scan us and never respond to complaints.  If use of it became
> > > widespread, this would tend to exert social pressure on bad parts of IP
> > > space to clean up their act.  Their users wouldn't be able to get to
> > > lots of parts of the Internet until they satisfied the blacklist
> > > co-ordinator that the problem was resolved.
> > >
> > > Thoughts?
> > >
> > > Stuart.
> > >
> > > --
> > > Stuart Staniford  ---  President  ---  Silicon Defense
> > >                    stuart () silicondefense com
> > > (707) 445-4355                     (707) 445-4222 (FAX)
>
>
>
> Paul L. Schmehl, pauls () utdallas edu
> Technical Support Services Manager
> The University of Texas at Dallas