Arbor Networks DoS defense product
Dan Hollis
goemon at anime.net
Fri May 17 08:00:52 UTC 2002
On Thu, 16 May 2002, Dragos Ruiu wrote:
> But how do you plan to arbitrate disputes about what merits blackholing
> and not on behalf of others? And what guidelines do you use to decide
> on how to initiate black holing? (not critical here, just curious?)
Thats the beauty here, one can provide multiple databases (eg rogue
networks which refuse to shutdown their portscanners, proven spamhausen in
bed with spammers, proven active attackers, etc.) and service providers
can opt in as they like, and apply whatever policy to those routes that
they like.
> > Why are you sending funny packets?
> Any number of reasons... like I have a compromised host
> and I'm watching what it does before shutting it down...
So you have a compromised host attacking sites, you know about it, and
you're allowing it to continue. Whoops it just defaced a federal
government site, and now it has your ip address all over it...
I don't think i'd want to open myself to that kind of liability...
When we catch compromised hosts, we cut their balls off instantly.
> Or maybe the packets don't look funny to me :-).
> Or perhaps the packets were so funny I thought I'd share. ;-)
> Humor is often in the eye of the beholder :-).
Military networks arent well known for their sense of humor, and neither
are federal interest sites...
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
More information about the NANOG
mailing list