Maybe some kind of real blacklist will be ok?

Posted somewhere, mailed between sysadmins and so on.

I got DoS-ed on one of our servers (an irc server) with a STUPID icmp flood 
(which managed to bring down the link of our isp...:p)

The result:
20-30 automated "official" messages from that donkey sysadmins saying that 
their network is being pinged by my server on broadcast address...
Hmmm..

I explained them:
1. it is not ok to set up automated messages for this issue;
2. what an icmp flood looks like, the philosophy, etc;
3. that he/she MUST deny any inbound/outbound traffic from the broadcast 
address.

The result?
You'll never guess..
a) no reply.
b) several days later, same thing. icmp flood. then the "official scary 
message"

Well, in this case I should consider some kind of blacklist of weak or puny 
sysadmins.
Secondly... it would be GREAT if all isps around the world would install a 
MINIMUM DECENT ip spoofing applied to OUTBOUND traffic.
It is really not so hard.

At least, i.e. for the icmp flood, the attacker will be forced to launch the 
icmp echo requests from inside the victim isp.




On Wednesday 06 March 2002 19:32, McCammon, Keith wrote:
> [NOTE: Not intended to flame this poster, or anyone else for that
> matter.  Just stopping this before it starts again.]
>
> This has nothing to do with responsibility, legality, etc.  The original
> post requested information about IDS active/intrusive response.  In
> response, several of us outlined products with these types of
> capabilities, as well as outlining some of the reasoning behind the
> support (or lack thereof) for active and/or intrusive response.  Period.
>
> No one cares who we all *think* should be held responsible.  We all
> *know* who should be held responsible, but it is irrelevant to this
> discussion.
>
> Please take these arguments offline.
>
> Many thanks,
>
> Keith
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 06, 2002 12:22 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; McCammon, Keith;
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: IDS that retaliates.
>
>
> I see your point.  However, that is like saying the innocent is not
> innocent until proven guilty.  Do we not have to abide by our
> constitution when it comes to these matters as well?
>
> -----Original Message-----
> From: Royer, Cedric [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 06, 2002 11:31 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: IDS that retaliates.
>
>
> Is a network which doesn't protect itself to be a platform for, for
> example, DDoS not at fault?  We all know the solutions exist.
> I think it is lack of taking responsibility.
>
> Cédric

-- 
__
Serban Teodorescu
sys&net admin@tvr
