Arbor Networks DoS defense product

Scott Francis darkuncle at darkuncle.net
Thu May 16 16:26:06 UTC 2002


On Wed, May 15, 2002 at 06:19:00PM -0700, briareos at otherlands.net said:
[snip]
> On Wed, 15 May 2002, Johannes B. Ullrich wrote:
[briareos at otherlands.net]
> > > > Even more, I would hate to see the advocation of a hostile reaction to 
> > > > what, so far, is not considered a crime.
> > 
> > I agree. Scanning is no crime. But blocking isn't a crime either.
> 
> Agreed.  But this blocking still will do no good.  My previous
> questions still stand.  What about timing?  What about breaking up
> segements of the network to be  scanned by different hosts?  How many
> hits on the linemines constitute blocking?  Are you blocking hosts or
> networks?  Either way, what about dynamic ips?  What about scans done
> from different networks other than that which the supposed attacker is
> originating from.  Universitys, unsecured wireless lans, etc.

So because we can't implement a perfect solution, let's do nothing at all
about the problem?

> PJ

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 872 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020516/78255e40/attachment.sig>


More information about the NANOG mailing list