nanog mailing list archives

RE: RBL-type BGP service for known rogue networks?

From: rdobbins () netmore net
Date: Fri, 7 Jul 2000 16:19:27 -0700



But that's why we have human beings in the NOCs, no?

As I'm mucking about with the Cisco Netranger/IDS on one of my networks,
I've been able to winnow down the false-positives substantially, and am
still working on improving its reliability further.  

I certainly don't think that intrusion-detection makes sense for the
backbones and NAPs and so forth, but when you get closer to the
traffic-orginator/requestor boundaries of the network, it becomes more
feasible, does it not?

-----Original Message-----
From: John Kristoff [mailto:jtk () depaul edu]
Sent: Friday, July 07, 2000 1:59 PM
To: nanog () merit edu
Subject: Re: RBL-type BGP service for known rogue networks?



rdobbins () netmore net wrote:

Isn't that why some sort of intrusion/exploit-detection system integrated
with ACLs would perhaps be a better remedy?


Dealing with false positives and "intentional" black holing would be a
difficult thing to get right.  It sounds like the MAPS approach someone
mentioned earlier would be workable.

John

Current thread:

Re: RBL-type BGP service for known rogue networks?, (continued)
- - Re: RBL-type BGP service for known rogue networks? Steve Sobol (Jul 07)
  - Message not available
    - RE: RBL-type BGP service for known rogue networks? Kai Schlichting (Jul 07)
    - Re: RBL-type BGP service for known rogue networks? Chris (Jul 07)
    - RE: RBL-type BGP service for known rogue networks? Vijay Gill (Jul 07)
    - Re: RBL-type BGP service for known rogue networks? Steve Noble (Jul 07)
    - Re: RBL-type BGP service for known rogue networks? Steve Sobol (Jul 07)
- RE: RBL-type BGP service for known rogue networks? rdobbins (Jul 07)
  - Re: RBL-type BGP service for known rogue networks? John Kristoff (Jul 07)
- RE: RBL-type BGP service for known rogue networks? Karyn Ulriksen (Jul 07)
  - Re: RBL-type BGP service for known rogue networks? Steve Sobol (Jul 07)
- RE: RBL-type BGP service for known rogue networks? rdobbins (Jul 07)
  - Re: RBL-type BGP service for known rogue networks? John Kristoff (Jul 07)
- RE: RBL-type BGP service for known rogue networks? rdobbins (Jul 07)
- RE: RBL-type BGP service for known rogue networks? rdobbins (Jul 08)
  - RE: RBL-type BGP service for known rogue networks? Randy Bush (Jul 08)
    - Re: RBL-type BGP service for known rogue networks? Shawn McMahon (Jul 08)
    - RE: RBL-type BGP service for known rogue networks? Roeland M.J. Meyer (Jul 08)
  - Re: RBL-type BGP service for known rogue networks? Peter van Dijk (Jul 08)
  - Re: RBL-type BGP service for known rogue networks? Eric A. Hall (Jul 08)
  - RE: RBL-type BGP service for known rogue networks? Sabri Berisha (Jul 08)
    - RE: RBL-type BGP service for known rogue networks? Sabri Berisha (Jul 08)

(Thread continues...)