Security Incidents mailing list archives

Re: blackholing t-dialin.net? sympatico.ca?

From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Thu, 8 Mar 2001 10:19:39 -0600

still, this situation continues. is it worth starting to block their
dialin netblocks?


I understand the temptation to take this sort of action, but if you
blacklist an entire range of addresses, what you have effectively
accomplished is to elevate the script kiddie from a mere port scanner
to the instigator of large scale denial of service attack (depending, of
course, on how far upstream you institute the blacklist).

This is a difficult issue, admittedly, but my personal belief is that
putting up with people rattling the doors in your neighborhood is on
the whole preferable to cordoning off the entire block.

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center
U. S. Dept. of the Interior
Robert_G_Ferrell () nbc gov
========================================
 Who goeth without humor goeth unarmed.
========================================

Current thread:

blackholing t-dialin.net? sympatico.ca? Jose Nazario (Mar 07)
- Re: blackholing t-dialin.net? sympatico.ca? Daniel R. Warner (Mar 07)
- AW: blackholing t-dialin.net? sympatico.ca? Jens Thiel (Mar 07)
- Re: blackholing t-dialin.net? sympatico.ca? Steffen Dettmer (Mar 09)
- <Possible follow-ups>
- Re: blackholing t-dialin.net? sympatico.ca? Bill Royds (Mar 07)
- Re: blackholing t-dialin.net? sympatico.ca? Robert G. Ferrell (Mar 08)
  - Re: blackholing t-dialin.net? sympatico.ca? Jose Nazario (Mar 08)