North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: filtering whitehouse.gov?
- From: Matt Levine
- Date: Sun Jul 22 00:28:24 2001
-----BEGIN PGP SIGNED MESSAGE-----
Moreover, bbn (whitehouse.gov's upstream) is blackholing it
themselves, why would you NOT blackhole it and waste your bw when
it's gonna get blackholed along the way anyway?
ICQ : 17080004
PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
- -----Original Message-----
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf
Of John Starta
Sent: Saturday, July 21, 2001 10:10 PM
Cc: Andreas Plesner Jacobsen - Tiscali; firstname.lastname@example.org
Subject: Re: filtering whitehouse.gov?
At 04:29 PM 7/21/01 -0700, Jon O . wrote:
>On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
> > No, since it is known that the provider hosting www1 and
> > www2.whitehouse.gov has already blackholed www1, and
> > www.whitehouse.gov only resolves to www2 now. And then there's
> > the big difference between operational stability and poltical
> > stability, of which operational is the primary concern to me at
> > least.
>Yes, because your fix is for this worm and luckily it only attacks
>www1. The next one might not be so benign and blackholing routes is
>not the answer. Also, it makes it harder to ID infected hosts so
>you can fix them.
Blackholing routes doesn't prevent you from identifying possibility
infected hosts. It simply means that you're not going to participate
abuse of anothers network and/or host. You can still log the traffic
destine for the target.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----