[nsp-sec] How to get a global K-line?

Scott A. McIntyre scott at xs4all.net
Tue Mar 25 03:50:08 EDT 2008 

On Mar 25, 2008, at 04:25 , John Fraizer wrote:
> ----------- nsp-security Confidential --------
>
> ..which  requires dpi which if I could do (easily) now would make  
> the entire thread moot.  I acknowledge the premis of my post is  
> flawed.  In the absense of money for a dpi and or a sufficient  
> scrubbing platform, I'm grasping at straws though. :(


Hey John,

I understand your frustration, and sometimes I've wished I could do  
the same -- for similar reasons.  I can't afford DPI at the speeds we  
run and the politics involved with making an outgoing-IRC-filter would  
be, well, messy.

But that *PALES* in significance as compared to the politics of your  
average IRC network.  Your request for a "Global K-Line" will be the  
proverbial Golden Apple with "kallisti" embossed.  I've been an IRC  
operator since the late 1980's (yes, since it started) and over the  
years I've only seen the politics around who/what is filtered, by  
whom, when, for how long become more and more bitter.

Even if you wanted such a K-Line, I guarantee you that on any given  
network there WILL be operators who don't install the line just to  
annoy you, or out of some sense of identification with your blocked  
customers.  Your downstream customers will just run proxies or  
bouncers, and whilst that may shift the initial DDoS effect off your  
network, it doesn't really solve the underlying problem.

My recommendation is to try to turn your need/frustration here into a  
management supportable proposal; maybe an opt-outable filter on the  
network that is enabled by default, but customers can choose to opt- 
out of (at their own peril).  If the inbound DDoS traffic is enough to  
make you consider the k-line approach, it seems that it shouldn't be  
too hard to convince management to spend money on other ways to solve  
the problem.

Anyway, sorry to say, I just don't think you'll get your K-line dream,  
the IRC networking community is by and large just not .. calm ..  
enough to provide that sort of assistance, I feel.

Good luck,

Scott A. McIntyre
XS4ALL Internet B.V.
(ircnet/efnet/undernet/quakenet)

More information about the nsp-security mailing list