[nsp-sec] Question for the team - who would be willing to participate in a "exercise"

Chris Morrow morrowc at ops-netman.net
Tue Oct 31 16:36:08 EDT 2017


On Tue, 31 Oct 2017 15:56:58 -0400,
"Smith, Donald" <Donald.Smith at CenturyLink.com> wrote:
> 
> ----------- nsp-security Confidential --------
> > ――――――――――――――――8<――――――――――――――――
> >
> > - for a list of 1M attacking IPs, please prevent them from sending outbound traffic from your networks
> No, unsupported by many of the routers.
> 

actually... the question to ask is: "Given a list of 1M bots, how
would you block them in your network?"

Your answer MIGHT be: "no way, sorry"

or: "I split the list across my edge based on netflow data
collection / analysis"

or: "I put that in iptables on the host being attacked"

or: <something else clever>

The point shouldn't be a proscriptive: "hey, put this on your flarb
and bleep it north", it should be: "here's a problem that generally
seems normal to see for this sort of scenario, how do you react?"


I think GENERALLY the problem the people starting this (that Barry is
reacting to) have is: "they are completely unfocused, they have no idea
how any of this works, and they have no idea what problem they are trying
to actually solve"

It seemed to me this was a case of: "Hey, the gov't is willing to fund
us to 'research' a 'policy paper' (or something) so why not go earn a
few million bones?"

I wasn't (and am still not) willing to help them unless they can
really get direction and concrete goals.

-chris

