Arbor Networks DoS defense product

• Previous message (by thread): Arbor Networks DoS defense product
• Next message (by thread): Arbor Networks DoS defense product
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 17, 2002 at 12:50:40AM -0700, goemon at anime.net said:
> 
> On Thu, 16 May 2002, Dragos Ruiu wrote:
> > But that said.  Blackholing as a response for portscanning
> > is stupid.
> > If you are a small communications end-point it's dumb.
> > Just run portsentry for a while with auto-firewall rules
> > if you need convincing.
> > If you are a communications service provider providing
> > packet transit for others (even employees), it's hostile.

So it's stupid. Or hostile. Certainly no more stupid (or hostile) than
sending out millions of spams, or being the source of thousands of
portscans/intrusion attempts, and refusing to take responsibility.

Bottom line: network policy is the responsibility of the network operator. If
he/she does something that causes bad repercussions (financially), he/she
will probably be job hunting. Otherwise, if it's not your network, you really
don't have much of a say about how it's run, do you?

(If it were otherwise, large sections of APNIC would have been cleaned up
long ago by those on the receiving end of portscans and spam.)

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 872 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020517/ac125144/attachment.sig>

• Previous message (by thread): Arbor Networks DoS defense product
• Next message (by thread): Arbor Networks DoS defense product
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]