[nsp-sec] Heads-Up - Dalai Lama Live Webcasts
Michael Hornung
hornung at washington.edu
Mon Apr 14 13:21:09 EDT 2008
Hi, I'm curious to hear more about the down-sides of publishing blackhole
lists. I'm not affiliated with the project you cited, but I am curious.
It seems that the bad guys will know when they get blocked from a given
network, so I wonder why it's bad to list blocked networks - do you see it
as an invitation for retribution?
__
Michael Hornung
Network Systems
University of Washington
On Mon, 14 Apr 2008 at 11:09, Smith, Donald wrote:
|----------- nsp-security Confidential --------
|
|Daniel hubble.cs.washington.edu was recently brought to my attention.
|
|It appears to be legit however I question it's benefit.
|Some ISPs blackhole ip addresses or cidr blocks to protect customers.
|
|However what it shows isn't just what we call blackholes. It
|connectivity loss too.
|
|I personally wouldn't want a list of blackholes published. Networks or
|IP addresses that get blackholed are usually blackholed for a good
|reason and letting the bad guys know which networks blackholed their
|malicious sites is in my opinion not conducive to good Internet
|security.
|
|
|RM=for(1)
|{manage_risk(identify_risk(product[i++]) &&
|(identify_threat[product[i++]))}
|Donald.Smith at qwest.com giac
More information about the nsp-security
mailing list