Arbor Networks DoS defense product

Dan Hollis goemon at anime.net
Fri May 17 08:00:52 UTC 2002


On Thu, 16 May 2002, Dragos Ruiu wrote:
> But how do you plan to arbitrate disputes about what merits blackholing 
> and not on behalf of others? And what guidelines do you use to decide 
> on how to initiate black holing?  (not critical here, just curious?)

Thats the beauty here, one can provide multiple databases (eg rogue 
networks which refuse to shutdown their portscanners, proven spamhausen in 
bed with spammers, proven active attackers, etc.) and service providers 
can opt in as they like, and apply whatever policy to those routes that 
they like.

> > Why are you sending funny packets?
> Any number of reasons... like I have a compromised host
> and I'm watching what it does before shutting it down...

So you have a compromised host attacking sites, you know about it, and 
you're allowing it to continue. Whoops it just defaced a federal 
government site, and now it has your ip address all over it...

I don't think i'd want to open myself to that kind of liability...

When we catch compromised hosts, we cut their balls off instantly.

> Or maybe the packets don't look funny to me :-).
> Or perhaps the packets were so funny I thought I'd share. ;-)
> Humor is often in the eye of the beholder :-).

Military networks arent well known for their sense of humor, and neither 
are federal interest sites...

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]




More information about the NANOG mailing list