[nsp-sec] Hubble the blackhole finder

Smith, Donald Donald.Smith at qwest.com
Mon Apr 14 13:46:20 EDT 2008 

As a general discussion item this should probably be taken to
nsp-discuss.
ALL of my comments can be included in that discussion (permission to
cross post MY comments).

Short answer: I don't want to make it easier for the bad guys to know
when/where they were blackholed or ratelimited.


RM=for(1)
{manage_risk(identify_risk(product[i++]) &&
(identify_threat[product[i++]))}
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: Michael Hornung [mailto:hornung at washington.edu] 
> Sent: Monday, April 14, 2008 11:21 AM
> To: Smith, Donald
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Heads-Up - Dalai Lama Live Webcasts
> 
> Hi, I'm curious to hear more about the down-sides of 
> publishing blackhole 
> lists.  I'm not affiliated with the project you cited, but I 
> am curious.  
> It seems that the bad guys will know when they get blocked 
> from a given 
> network, so I wonder why it's bad to list blocked networks - 
> do you see it 
> as an invitation for retribution?
> 
> __
> Michael Hornung
> Network Systems
> University of Washington
> 
> On Mon, 14 Apr 2008 at 11:09, Smith, Donald wrote:
> 
> |----------- nsp-security Confidential --------
> |
> |Daniel hubble.cs.washington.edu was recently brought to my attention.
> |
> |It appears to be legit however I question it's benefit.
> |Some ISPs blackhole ip addresses or cidr blocks to protect customers.
> |
> |However what it shows isn't just what we call blackholes. It
> |connectivity loss too.
> |
> |I personally wouldn't want a list of blackholes published. 
> Networks or
> |IP addresses that get blackholed are usually blackholed for a good
> |reason and letting the bad guys know which networks blackholed their
> |malicious sites is in my opinion not conducive to good Internet
> |security.
> |
> |
> |RM=for(1)
> |{manage_risk(identify_risk(product[i++]) &&
> |(identify_threat[product[i++]))}
> |Donald.Smith at qwest.com giac 
> 


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

More information about the nsp-security mailing list