CF> Date: Wed, 15 May 2002 18:13:07 -0700 CF> From: Clayton Fiske CF> There is no preset definition of how it has to work. Perhaps CF> it can be evolved enough to where it only triggers when an CF> exploit is attempted, rather than just on a TCP connection. Sounds sorta like the SMTP *BL debate with a new spin. Data exist; how one uses them is a matter of preference. IMHO, landmines would be a very handy way to get a "big picture" view. What threshold triggers what activity is up to the user. I could quickly write a script to find origin ASN of anyone who pings <machine x>, find all prefixes with that origin ASN, and blackhole them. And it would be a pretty stupid manuever, so I hopefully would know better. I don't see how landmines are any different... one needn't use the feed in a predetermined manner. I think there are more than a few people who can bang out code, or who know those who can, hanging out on here. -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.