Spitballing IoT Security

J. Oquendo joquendo at e-fensive.net
Mon Oct 24 20:53:25 UTC 2016


On Mon, 24 Oct 2016, Steve Mikulasik wrote:

> if we automatically blackholed those IPs as they get updated it could put a big dent in the effectiveness of Zeus.
> 

That would involve someone lifting a finger and implement
a config change. Much easier to implement BCP38 or was it
RFC 4732? Would never work the moment someone has to lift
a finger.

/*
I think I'll change my position on BCP38.  It's pointless to try
blocking spoofed source addresses because:

* It doesn't solve every single problem
* It means more effort for service providers
* It requires more CPU processing power
* Using it will generate smarter "black hats".

https://www.nanog.org/mailinglist/mailarchives/old_archive/2004-10/msg00132.html

*/


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463


More information about the NANOG mailing list