RE: RBL-type BGP service for known rogue networks?
Isn't that why some sort of intrusion/exploit-detection system integrated with ACLs would perhaps be a better remedy?

-----Original Message-----
From: John Kristoff [mailto:jtk@depaul.edu]
Sent: Friday, July 07, 2000 1:48 PM
To: nanog@merit.edu
Subject: Re: RBL-type BGP service for known rogue networks?

Shawn McMahon wrote:
I was referring to the case where an organization is blackholed without sufficient cause, which in effect is a denial of service on that organization.
Nonsense. It's a boycott, not a denial of service. And it's just a boycott, it's not even picketing out front with signs.
Perhaps I wasn't clear... The organization in question does nothing wrong... but somehow gets in the blackhole list either by someone spoofing their netblocks, from faked complaints or other means. Thus, causing the said organization to be denied connectivity by some malicious person(s).

John
rdobbins@netmore.net wrote:
Isn't that why some sort of intrusion/exploit-detection system integrated with ACLs would perhaps be a better remedy?
Dealing with false positives and "intentional" black holing would be a difficult thing to get right. It sounds like the MAPS approach someone mentioned earlier would be workable.

John
participants (2)
- John Kristoff
- rdobbins@netmore.net