Re: Arbor Networks DoS defense product
On Thu, 16 May 2002, Dragos Ruiu wrote:
> But that said. Blackholing as a response to portscanning is stupid. If you are a small communications end-point it's dumb. Just run portsentry for a while with auto-firewall rules if you need convincing. If you are a communications service provider providing packet transit for others (even employees), it's hostile.

What if you are portscanned repeatedly by a network, and that network refuses to shut down its scanners even after being asked many times (e.g., rogue Chinese and Korean networks)? I think that you should leave network policy up to the service provider to decide.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-] (Japanese: "All your bases are mine.")
On Fri, May 17, 2002 at 12:50:40AM -0700, goemon@anime.net said:
> On Thu, 16 May 2002, Dragos Ruiu wrote:
>> But that said. Blackholing as a response to portscanning is stupid. If you are a small communications end-point it's dumb. Just run portsentry for a while with auto-firewall rules if you need convincing. If you are a communications service provider providing packet transit for others (even employees), it's hostile.

So it's stupid. Or hostile. Certainly no more stupid (or hostile) than sending out millions of spams, or being the source of thousands of portscans/intrusion attempts, and refusing to take responsibility.

Bottom line: network policy is the responsibility of the network operator. If he/she does something that causes bad repercussions (financially), he/she will probably be job hunting. Otherwise, if it's not your network, you really don't have much of a say about how it's run, do you? (If it were otherwise, large sections of APNIC would have been cleaned up long ago by those on the receiving end of portscans and spam.)

--
Scott Francis
darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager
sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7
illum oportet crescere me autem minui (Latin: "He must increase, but I must decrease.")
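The thread argues about auto-blackholing portscan sources ("run portsentry for a while with auto-firewall rules if you need convincing"). The example below is added here to make that argument concrete; it is not code from the thread, from portsentry, or from any poster. It parses a constructed set of netfilter-style firewall log lines (the log format, the addresses, the thresholds and the protected netblock are all assumptions made for the example), flags sources that touch many distinct ports in a short window, and then compares two reactions: the naive one, which blocks every flagged source, and a guarded one that refuses to block the site's own netblock (scan sources can be spoofed, so a naive rule lets an attacker make you blackhole your own resolver or upstream), gives every block an expiry, and caps the table size.

```python
"""Why automatic blackholing of portscan sources needs safeguards.

Added illustration; the log format, addresses, thresholds and protected
netblock below are assumptions, not data from the thread.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample log (netfilter LOG-target style, assumed format).
# 203.0.113.7 is a real scanner; 198.51.100.53 is the site's own resolver
# appearing as a *spoofed* source; 192.0.2.9 is ordinary noise.
SAMPLE_LOG = """\
May 17 00:41:02 fw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=21
May 17 00:41:02 fw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22
May 17 00:41:03 fw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=23
May 17 00:41:03 fw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=25
May 17 00:41:04 fw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=80
May 17 00:41:04 fw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=110
May 17 00:41:10 fw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=80
May 17 00:42:15 fw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=443
May 17 00:50:00 fw kernel: DROP SRC=198.51.100.53 DST=198.51.100.10 PROTO=TCP DPT=21
May 17 00:50:00 fw kernel: DROP SRC=198.51.100.53 DST=198.51.100.10 PROTO=TCP DPT=22
May 17 00:50:01 fw kernel: DROP SRC=198.51.100.53 DST=198.51.100.10 PROTO=TCP DPT=23
May 17 00:50:01 fw kernel: DROP SRC=198.51.100.53 DST=198.51.100.10 PROTO=TCP DPT=25
May 17 00:50:02 fw kernel: DROP SRC=198.51.100.53 DST=198.51.100.10 PROTO=TCP DPT=80
"""

# Assumed: the site's own netblock plus loopback/RFC1918; never blackhole these.
NEVER_BLOCK = ["198.51.100.0/24", "10.0.0.0/8", "127.0.0.0/8"]

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: \w+ "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\w+ DPT=(?P<dpt>\d+)"
)


def parse_log(text, year=2002):
    """Turn log lines into events; syslog timestamps carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append({"ts": ts, "src": m["src"], "dst": m["dst"], "dpt": int(m["dpt"])})
    return events


def detect_scanners(events, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: sorted distinct ports} for every source that hit at least
    min_ports distinct destination ports within some window of length `window`."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    scanners = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            ports = {e["dpt"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners


def naive_blocks(scanners):
    """The portsentry-style reaction: every detected source is blackholed, for good."""
    return sorted(scanners)


def guarded_blocks(scanners, never_block, max_blocks=100, ttl=timedelta(hours=1), now=None):
    """Blackhole with the safeguards a transit operator would insist on:
    skip addresses the site depends on (sources can be spoofed), expire every
    block, and cap the table so a flood of forged scans cannot fill it.
    Returns {src: expiry_time}."""
    now = now or datetime(2002, 5, 17, 1, 0, 0)  # fixed clock for reproducibility
    protected = [ipaddress.ip_network(n) for n in never_block]
    blocks = {}
    for src in sorted(scanners):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in protected):
            continue  # blocking this would cut off our own infrastructure
        if len(blocks) >= max_blocks:
            break
        blocks[src] = now + ttl
    return blocks


if __name__ == "__main__":
    scanners = detect_scanners(parse_log(SAMPLE_LOG))
    print("detected:", scanners)
    print("naive:   ", naive_blocks(scanners))        # includes the spoofed resolver
    print("guarded: ", guarded_blocks(scanners, NEVER_BLOCK))
```

With the sample input the naive policy blocks both 203.0.113.7 and the spoofed 198.51.100.53, which is exactly the self-inflicted outage the thread warns about; the guarded policy blocks only the real scanner and lets that block lapse after an hour. A provider carrying transit for others would additionally want to limit blocks to single /32 hosts and to log the decision rather than act on it automatically, but that is a policy choice, which is the thread's point.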
participants (2)
- Dan Hollis
- Scott Francis