nanog mailing list archives
Re: Re[6]: "portscans" (was Re: Arbor Networks DoS defense product)
From: Ralph Doncaster <ralph () istop com>
Date: Sun, 19 May 2002 12:13:35 -0400 (EDT)
RD> I think that's pretty stupid. If I had my network admin investigate every RD> portscan, my staff costs would go up 10x and I'd quickly go bankrupt. RD> Instead we keep our servers very secure, and spend the time and effort RD> only when there is evidence of a break in. I didn't say investigate every portscan, I said assume every portscan is hostile. There is a big difference.
So you assume it's hostile and do what? Automatically block the source IP? If you do that then you open up a bigger DOS hole. Then if someone sends a bunch of SYN scans with the source address spoofed as your upstream transit providers' BGP peering IP, poof! you're gone.
Current thread:
- Re: "portscans" (was Re: Arbor Networks DoS defense product), (continued)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Henry Yen (May 18)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 18)
- Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) E.B. Dreger (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) up (May 19)
- Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re[6]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[6]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 19)
- RE: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Benjamin P. Grubin (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Dan Hollis (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Mitch Halmu (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Dan Hollis (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Mitch Halmu (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Mike Lewinski (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 19)