OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: scan log and subsequent response from the host's ISP
From: Talisker (TaliskerNETWORKINTRUSION.CO.UK)
Date: Mon Jul 10 2000 - 04:54:53 CDT

----- Original Message -----
From: "Dan Hollis" <goemonSASAMI.ANIME.NET>
To: <INCIDENTSsecurityfocus.com>
Sent: Thursday, July 06, 2000 12:13 AM
Subject: Re: scan log and subsequent response from the host's ISP

> Now that I think about it, are there any RBL-type BGP services for known
> rogue networks? Eg networks which originate attacks and refuse to take any
> action? If so I submit 212.216.184.0 - 212.216.191.255 as the first
> netblock to be blackholed.
>
> -Dan
>

I could be tempted into maintaining such a list, my concerns are:

    Does such a list exist already and if so, where is it?

    Denial of Service, the scope for DOS is extreme therefore each submitted
range would need to be verified with the guilty ISP to test their response.
This will take time. A detailed mechanism of verification would need to be
built, perhaps a pending and a verified list. Any ideas?

    Legal issues, if such a list was to prove popular, the business effect
on the blakholed ISPs may be terminal, leaving myself open to possible
prosecution. (oh well I've nothing to lose)

Does anyone else want to do it? because I'm already pretty busy with my IDS
site.

Andy

www.networkintrusion.co.uk