-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Moreover, bbn (whitehouse.gov's upstream) is blackholing it themselves, why would you NOT blackhole it and waste your bw when it's gonna get blackholed along the way anyway? Matt - -- Matt Levine @Home: matt@deliver3.com @Work: matt@eldosales.com ICQ : 17080004 PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF - -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of John Starta Sent: Saturday, July 21, 2001 10:10 PM To: jono@networkcommand.com Cc: Andreas Plesner Jacobsen - Tiscali; nanog@nanog.org Subject: Re: filtering whitehouse.gov? At 04:29 PM 7/21/01 -0700, Jon O . wrote:
On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
No, since it is known that the provider hosting www1 and www2.whitehouse.gov has already blackholed www1, and www.whitehouse.gov only resolves to www2 now. And then there's the big difference between operational stability and poltical stability, of which operational is the primary concern to me at least.
Yes, because your fix is for this worm and luckily it only attacks www1. The next one might not be so benign and blackholing routes is not the answer. Also, it makes it harder to ID infected hosts so you can fix them.
Blackholing routes doesn't prevent you from identifying possibility infected hosts. It simply means that you're not going to participate in the abuse of anothers network and/or host. You can still log the traffic destine for the target. jas -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO1pVWcp0j1NsDQTPEQKQoACgzipHzlRlxWBkI+hbTcwaNbLeyUAAoNd0 UWLxY5wLzirdYfYQqzBj+Jzj =KEGb -----END PGP SIGNATURE-----