On Thu, 16 May 2002, Dragos Ruiu wrote:
But how do you plan to arbitrate disputes about what merits blackholing and not on behalf of others? And what guidelines do you use to decide on how to initiate black holing? (not critical here, just curious?)
Thats the beauty here, one can provide multiple databases (eg rogue networks which refuse to shutdown their portscanners, proven spamhausen in bed with spammers, proven active attackers, etc.) and service providers can opt in as they like, and apply whatever policy to those routes that they like.
Why are you sending funny packets? Any number of reasons... like I have a compromised host and I'm watching what it does before shutting it down...
So you have a compromised host attacking sites, you know about it, and you're allowing it to continue. Whoops it just defaced a federal government site, and now it has your ip address all over it... I don't think i'd want to open myself to that kind of liability... When we catch compromised hosts, we cut their balls off instantly.
Or maybe the packets don't look funny to me :-). Or perhaps the packets were so funny I thought I'd share. ;-) Humor is often in the eye of the beholder :-).
Military networks arent well known for their sense of humor, and neither are federal interest sites... -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]