Re: "portscans" (was Re: Arbor Networks DoS defense product)

[Dan Hollis <goemon () anime net>]

On Sat, 18 May 2002, Scott Francis wrote:
> On Sat, May 18, 2002 at 11:05:34PM -0400, woods () weird com said:
> > attacked any host or network that I was not directly responsible for.
> > If you don't want the public portions of your network mapped then you
> > should withdraw them from public view.
> Agreed there. Defense is important. It might be good to note that I'm not
> giving a blanket condemnation of all portscans at all times; but as a GENERAL
> RULE, portscans from strangers, especially methodical ones that map out a
> network, are a precursor to some more unsavory activity.

And what the critics keep missing is that it will take several landmine 
hits across the internet to invoke a blackhole. Just scanning a few 
individual hosts or /24s won't do it.

There are three aims of the landmine project:

1) early warning
2) defensive response
3) deterrence

I realize such a project won't be absolutely, positively perfect in every 
aspect, and it won't satisfy 100% of the people 100% of the time. But 
that's hardly an excuse to not do it. IMO the positives outweigh the 
negatives by far.

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]