Full Disclosure mailing list archives
Re: Comcast using IPS to protect the Internet from their home user clients?
From: Thomas Lakofski <thomas () 88 net>
Date: Thu, 11 Mar 2004 05:20:29 +0000 (GMT)
On Wed, 10 Mar 2004, Exibar wrote:
> Filtering should not be done by the ISPs, they should provide a pipe, and that's it. Ok, there are some circumstances, like a DoS against your equipment, where the ISP is the only means of blocking the traffic, that's a different story.

Filtering is one thing, and I agree that it's a bad step to take for all sorts of reasons. Maybe, though, there are other ways to trap bad traffic at the ISP level?

I ran LaBrea for a few months on the 3 spare IPs in my /29, which tended to seize several thousand scanning threads from all over the place, most of them indefinitely. Some hosts afflicted with particularly stupid scanners snarled hundreds of threads for weeks. This was at the cost of a staggering 1kB/s upstream bandwidth.

I wonder if it would be worth it for ISPs to take a /16 or even a /15s-worth of addresses, and channel all the traffic to a few hefty boxes running something like LaBrea. With judicious interleaving of the tarpitted address space with subscriber pools, most scanners which operate tiered scanning (local net, then /24, /16, /8 etc.) will fairly quickly get their threads stuck in the local ISP tarpit. The tarpit would also make an ok compromised host detector too...

I'm not sure what the downsides are besides wasted address space, and some (additional) wasted bandwidth within each ISP (or externally, if they expose the tarpits). Any opinions?

cheers,

--
Thomas Lakofski
gpg: 1024D/81FD4B43 2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
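An added sketch (not part of the original post, and not LaBrea's own code) of the "compromised host detector" idea above: subscriber addresses that open connections to several distinct tarpit addresses are flagged as likely scanners. The address block, the even/odd /24 interleaving, the record format and the threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed layout (constructed): inside this block, even-numbered /24s are
# subscriber pools and odd-numbered /24s are routed to the tarpit boxes.
ISP_BLOCK = ipaddress.ip_network("10.20.0.0/16")


def _third_octet_odd(ip):
    return (int(ip) >> 8) & 1 == 1


def is_tarpit(addr):
    ip = ipaddress.ip_address(addr)
    return ip in ISP_BLOCK and _third_octet_odd(ip)


def is_subscriber(addr):
    ip = ipaddress.ip_address(addr)
    return ip in ISP_BLOCK and not _third_octet_odd(ip)


def suspected_hosts(records, min_targets=3):
    """Map each subscriber source that touched at least `min_targets`
    distinct tarpit addresses to the sorted list of ports it probed."""
    targets = defaultdict(set)
    ports = defaultdict(set)
    for src, dst, dport in records:
        if is_subscriber(src) and is_tarpit(dst):
            targets[src].add(dst)
            ports[src].add(dport)
    return {s: sorted(ports[s]) for s, t in targets.items()
            if len(t) >= min_targets}


# Constructed sample records (src, dst, dst_port) as logged at the tarpit edge.
SAMPLE = [
    ("10.20.4.17", "10.20.5.1", 445),
    ("10.20.4.17", "10.20.5.2", 445),
    ("10.20.4.17", "10.20.5.3", 445),
    ("10.20.4.17", "10.20.7.9", 135),
    ("10.20.8.40", "10.20.9.200", 80),   # one stray hit: below threshold
    ("10.20.6.5", "10.20.8.12", 25),     # subscriber to subscriber: not tarpit
    ("198.51.100.7", "10.20.5.1", 445),  # external scanner: not our subscriber
]

if __name__ == "__main__":
    for host, probed in suspected_hosts(SAMPLE).items():
        print(f"{host} probed tarpit space on ports {probed}")
```

The threshold keeps a single mistyped address from flagging a subscriber, while a scanner sweeping neighbouring /24s crosses it almost immediately because tarpit space is interleaved with the pools.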