North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [nanog] Re: SMURF amplifier block list

  • From: Jeremy Porter
  • Date: Sun Apr 12 17:46:12 1998

In message <Pine.LNX.3.95.980411203415.26653D-100000@bisco.clark.net>, Stephen 
Balbach writes:
>On Sat, 11 Apr 1998, Michael Dillon wrote:
>
>> On Sat, 11 Apr 1998, Sean M. Doran wrote:
>> 
>> > This is a monumental admission: I think Karl is doing the right thing.
>> 
>> However there are a couple of minor flaws that could be fixed.
>> 
>> One is to sort the list by IP address to make it easier for folks to scan
>> through and see if they recognize any addresses of companies that they
>> have some contact with. Even better would be to include the netblock names
>> from whois.arin.net.
>> 
>> And the other is to include the URL of a website that explains how to fix
>> the problem. This makes it a whole lot easier to explain to people. 
>> 
>> P.S. maybe there is a 3rd flaw.... Maybe the list should be posted to
>>      alt.2600 as well? >:->
>
>Another problem. Say I (and others) use this list. How do I know when the
>perpetrators fix it? They may contact Karl. Karl may or may not keep the
>blacklist alive on nanog 2 years from now. Bad sites gone good are still
>blocked from my site. Is there a easy way to independently verify if it's
>been fixed?

Uh, ping the broadcast address?  

>Even better if someone kept a central list with accountability. Perhaps
>you could pay for verified updated access-lists..  prevent SMURF attacks,
>emergency DoS attack swat teams for hire, etc.. a 1-2 man consulting
>operation.

I think this is a bad idea and has been run into the ground previously.



---
Jeremy Porter, Freeside Communications, Inc.      jerry@fc.net
PO BOX 80315 Austin, Tx 78708  | 512-458-9810
http://www.fc.net