"portscans" (was Re: Arbor Networks DoS defense product)
Dan Hollis
goemon at anime.net
Sun May 19 07:12:01 UTC 2002
On Sat, 18 May 2002, Scott Francis wrote:
> On Sat, May 18, 2002 at 11:05:34PM -0400, woods at weird.com said:
> > attacked any host or network that I was not directly responsible for.
> > If you don't want the public portions of your network mapped then you
> > should withdraw them from public view.
> Agreed there. Defense is important. It might be good to note that I'm not
> giving a blanket condemnation of all portscans at all times; but as a GENERAL
> RULE, portscans from strangers, especially methodical ones that map out a
> network, are a precursor to some more unsavory activity.
And what the critics keep missing is that it will take several landmine
hits across the internet to invoke a blackhole. Just scanning a few
individual hosts or /24s won't do it.
There are three aims of the landmine project:
1) early warning
2) defensive response
3) deterrence
I realize such a project won't be absolutely, positively perfect in every
aspect, and it won't satisfy 100% of the people 100% of the time. But
that's hardly an excuse to not do it. IMO the positives outweigh the
negatives by far.
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]