North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: RBL-type BGP service for known rogue networks?
On 6 Jul 2000, Sean Donelan wrote: > On Thu, 6 Jul 2000, Dan Hollis wrote: > > tin.it obviously fits all 3 criteria and thus would be blackholed. it > > might not get them to change their behaviour, but at least people who > > subscribe to the blackhole list wouldnt be rooted by tin.it customers > While this might seem to be a belt and suspenders approach, anyone who > cares about their machines being rooted spends their time securing > their machines. After securing your machines, RBL'ing tin.it is just > extra work. On the other hand, RBLing tin.it is of limited prophylactic > value since, if you haven't secured your machines, the script kiddies > will just root your machine from elsewhere. A neat trick if you actually directly control all the machines in your network. If you dont, then a scriptkiddie blackhole list does help. Can you think of any good reason to continue accepting tin.it packets? I cant. Just because its not a perfect solution doesnt mean it doesnt have any value whatsoever. And if tin.it suddenly is unable to reach some portion of the internet due to blackholing, they might actually bother to do something. (well, we can hope.) -Dan