[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: port scan

Philipp Schulte <p.schulte@matrix.uni-duisburg.de> wrote:
>>>On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote: 
>>>>Philipp Schulte wrote:
>>>>>But what kind of pressure can $your_provider put on a portscanner
>>>>>from $evil_provider? 
>>>>Domain-level blocking of...mail, news, DNS....
>If you say that portscanning isn't necessariy evil, how can you
>suggest "Domain-level blocking of...mail, news, DNS...."?

Hmm. You asked "what kind of pressure can [my provider] put on [evil
guy's provider]", and Karsten answered - that is indeed the sort of
pressure one provider can put on another (RBL [1], UDP [2], etc.). Your
question wasn't about what kind of pressure providers *should* put on
each other, or about portscanning in particular, and I didn't read the
answer that way.

[1] Realtime Blackhole List - a list of known sources of e-mail spam
    against which mail administrators can filter incoming mail.

[2] Usenet Death Penalty - a rarely applied sanction against large-scale
    sources of Usenet spam in which most of the backbone news providers
    drop all news messages from those sources on the floor.

I think, in many cases, administrators at one provider are simply likely
to give more weight to what random administrators from other providers
say than what random users (especially those who aren't their customers)
say, all other things being equal. In that sort of job you can end up
getting a *lot* of communication, and anything that can help filter the
really urgent stuff to the top is useful.

>BTW: I never said that it is evil, by $evil_provider I meant something
>like $provider_that_evil_guy_uses

Of course, to all intents and purposes this can end up being the same
thing - that is, if the provider allows its networks to be repeatedly
used to inconvenience others and doesn't take any (or enough) corrective

Colin Watson                                     [cjw44@flatline.org.uk]

Reply to: