Re: Arbor Networks DoS defense product

[Scott Francis <darkuncle () darkuncle net>]

On Wed, May 15, 2002 at 06:19:00PM -0700, briareos () otherlands net said:
[snip]
> On Wed, 15 May 2002, Johannes B. Ullrich wrote:
[briareos () otherlands net]
> > > > Even more, I would hate to see the advocation of a hostile reaction to 
> > > > what, so far, is not considered a crime.
> >
> > I agree. Scanning is no crime. But blocking isn't a crime either.
>
> Agreed.  But this blocking still will do no good.  My previous
> questions still stand.  What about timing?  What about breaking up
> segements of the network to be  scanned by different hosts?  How many
> hits on the linemines constitute blocking?  Are you blocking hosts or
> networks?  Either way, what about dynamic ips?  What about scans done
> from different networks other than that which the supposed attacker is
> originating from.  Universitys, unsecured wireless lans, etc.

So because we can't implement a perfect solution, let's do nothing at all
about the problem?

> PJ

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui

Attachment: _bin
Description: