filtering whitehouse.gov?
Matt Levine
matt at deliver3.com
Sun Jul 22 04:23:53 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Moreover, bbn (whitehouse.gov's upstream) is blackholing it
themselves, why would you NOT blackhole it and waste your bw when
it's gonna get blackholed along the way anyway?
Matt
- --
Matt Levine
@Home: matt at deliver3.com
@Work: matt at eldosales.com
ICQ : 17080004
PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
- -----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf
Of John Starta
Sent: Saturday, July 21, 2001 10:10 PM
To: jono at networkcommand.com
Cc: Andreas Plesner Jacobsen - Tiscali; nanog at nanog.org
Subject: Re: filtering whitehouse.gov?
At 04:29 PM 7/21/01 -0700, Jon O . wrote:
>On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
>
> > No, since it is known that the provider hosting www1 and
> > www2.whitehouse.gov has already blackholed www1, and
> > www.whitehouse.gov only resolves to www2 now. And then there's
> > the big difference between operational stability and poltical
> > stability, of which operational is the primary concern to me at
> > least.
>
>Yes, because your fix is for this worm and luckily it only attacks
>www1. The next one might not be so benign and blackholing routes is
>not the answer. Also, it makes it harder to ID infected hosts so
>you can fix them.
Blackholing routes doesn't prevent you from identifying possibility
infected hosts. It simply means that you're not going to participate
in the
abuse of anothers network and/or host. You can still log the traffic
destine for the target.
jas
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO1pVWcp0j1NsDQTPEQKQoACgzipHzlRlxWBkI+hbTcwaNbLeyUAAoNd0
UWLxY5wLzirdYfYQqzBj+Jzj
=KEGb
-----END PGP SIGNATURE-----
More information about the NANOG
mailing list