Re: Arbor Networks DoS defense product

From: Scott Francis (no email)
Date: Fri May 17 2002 - 10:08:47 EDT


On Thu, May 16, 2002 at 02:44:58PM -0700, Dan Hollis <DH> said, in response
to a message on Thu, 16 May 2002 by Dragos Ruiu <DR>:

<DR> Some people are get all hyper and complain. Which is silly imho.
<DR> If you don't like it, stop your network from responding to it.

<DH> Thats exactly what we plan to do with BGP blackholes and landmines.

<DR> Don't bitch and whine if your equipment is silly and leaks info. It's
<DR> not the world's problem to compensate for _your_ inferior network
<DR> architecture or shoddily designed network hardware.

<DH> Then you shouldnt be whining about a BGP blackhole system.

<DR> Portscanning by no means proves "intent". Or should provoke hostile
<DR> reaction.

WRONG. Time to retake Logic 101 and Ethics 101. What other intent than malice
(or, at best, "unhealthy interest in somebody else's network") could
portscanning someone else's network show? If you don't own it, and aren't
involved in an official capacity, chances are high that you should Just Stay
Off. This includes portscans. To do otherwise shows you are probing for
points of attack/entry - I don't see how you can argue otherwise. If I am
missing the obvious altruistic motive for portscanning, please enlighten me.

A portscan is a sign that somebody is probing your defenses, trying to find
out where they might get in. Why should this NOT get a hostile (or at least
defensive) reaction? Looking for any legitimate reason here.

<DH> Blackholing isnt hostile its defensive.

<DR> But then again I'm of the radical opinion that if your host is compromised
<DR> it is your fault for not taking appropriate precautions on inbound
<DR> filters or gateways.

Obviously, the person that actually did the typing to crack a machine is not
responsible for his/her keystrokes. The person that scanned the network to
find weaknesses is surely not culpable for gathering and using such
information. Just like if a bank has 100-year-old security and leave the
vault door open, the person that walks in and picks up a bag of money is not
responsible for stealing - it's the bank's fault for not providing adequate
security.

Yes, network operators have a responsibility to their shareholders, if nobody
else, to secure their networks. But that IN NO WAY takes the responsibility
for illegal action off the shoulders of the person that committed it.

<DH> The blackholing is the response to networks which cant be bothered to
<DH> clean up their compromised hosts. Youre ranting against the wrong target
<DH> im afraid. Please go back and read the thread from the beginning.

<DR> I can't help it if your host does funny things when I send them funny
<DR> packets.... :-)

<DH> Why are you sending funny packets?

Exactly. If you want to send funny packets, send them to your OWN network, or
get a job as a security consultant and do this kind of thing for money. Don't
try to rationalize illegal behaviour by shifting blame to somebody else.

(Note: again, not saying portscanning is illegal. Other activity (break-ins,
etc.) has been discussed in this message.)

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui









Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD