nanog mailing list archives
Re: Arbor Networks DoS defense product
From: Dan Hollis <goemon () anime net>
Date: Fri, 17 May 2002 01:00:52 -0700 (PDT)
On Thu, 16 May 2002, Dragos Ruiu wrote:
But how do you plan to arbitrate disputes about what merits blackholing and not on behalf of others? And what guidelines do you use to decide on how to initiate black holing? (not critical here, just curious?)
Thats the beauty here, one can provide multiple databases (eg rogue networks which refuse to shutdown their portscanners, proven spamhausen in bed with spammers, proven active attackers, etc.) and service providers can opt in as they like, and apply whatever policy to those routes that they like.
Why are you sending funny packets?Any number of reasons... like I have a compromised host and I'm watching what it does before shutting it down...
So you have a compromised host attacking sites, you know about it, and you're allowing it to continue. Whoops it just defaced a federal government site, and now it has your ip address all over it... I don't think i'd want to open myself to that kind of liability... When we catch compromised hosts, we cut their balls off instantly.
Or maybe the packets don't look funny to me :-). Or perhaps the packets were so funny I thought I'd share. ;-) Humor is often in the eye of the beholder :-).
Military networks arent well known for their sense of humor, and neither are federal interest sites... -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
Current thread:
- Re: Arbor Networks DoS defense product, (continued)
- Re: Arbor Networks DoS defense product PJ (May 15)
- Re: Arbor Networks DoS defense product Clayton Fiske (May 15)
- Re: Arbor Networks DoS defense product E.B. Dreger (May 15)
- Re: Arbor Networks DoS defense product Dan Hollis (May 16)
- Re: Arbor Networks DoS defense product Valdis . Kletnieks (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Johannes Ullrich (May 17)
- Re: Arbor Networks DoS defense product Valdis . Kletnieks (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Henry Yen (May 18)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 18)
- Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) E.B. Dreger (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) up (May 19)
- Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)