[AusNOG] network security Question

Damien Gardner Jnr rendrag at rendrag.net
Tue May 20 21:13:37 EST 2014


Pen-test scenario? It used to be the shits-and-giggles pastime at the Canberra 2600 meets, seeing how many networks could be dropped off in the same 1-hour block because they auto-blackholed uneeda.telstra.net, their upstream gateway, their provider's BGP IP, etc etc :-p

Automatic blackholing based on anything but full connection TCP is a pretty dumb idea mmmkay :)

—DG


On 20 May 2014, at 8:54 pm, Shain Singh <shain.singh at gmail.com> wrote:

> Blocking arbitrary blocks is fraught with danger...
> 
>> 
>> With regards to arbitrarily blocking whole country netblocks; sure, some
>> people do it. Having your IDS/IPS temporarily block trouble addresses is
>> probably a better solution if you want to go down that path, though.
>> 
> 
> Common pen-test scenario for if you have an IDS/IPS set up to
> temporarily block based on attack signatures is to make your attacks
> look like they originate from root DNS servers.
> 
> 
> -- 
> Shaineel Singh
> e: shain.singh at gmail.com
> p: +61 422 921 951
> w: http://buffet.shainsingh.com
> 
> --
> "Too many have dispensed with generosity to practice charity" - Albert Camus
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
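
A guard in front of an IDS/IPS auto-block action, reflecting the two points made in this thread: never auto-block infrastructure you depend on, and only act on a source address that a completed TCP handshake has confirmed. This is an added example, not code from the thread; the `Alert` fields, the `decide` function and the protected prefixes (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders (RFC 5737 documentation ranges). A real list would
# hold your upstream gateway, BGP peers, resolvers and the root DNS servers.
PROTECTED = {
    "upstream-gateway": ipaddress.ip_network("192.0.2.1/32"),
    "bgp-peer": ipaddress.ip_network("192.0.2.254/32"),
    "dns-infrastructure": ipaddress.ip_network("198.51.100.0/28"),
}

@dataclass(frozen=True)
class Alert:
    src: str                  # source address as reported by the sensor
    proto: str                # "tcp", "udp" or "icmp"
    handshake_complete: bool  # sensor saw the full three-way handshake
    signature: str

def decide(alert):
    """Return (action, reason) for an alert that requests an automatic block."""
    addr = ipaddress.ip_address(alert.src)
    # Protected infrastructure is never auto-blocked, whatever the evidence.
    for name, net in PROTECTED.items():
        if addr in net:
            return ("alert-only", "protected:" + name)
    # UDP, ICMP and half-open TCP carry a source address anyone can forge.
    if alert.proto != "tcp" or not alert.handshake_complete:
        return ("alert-only", "source-unverified")
    return ("block", "established-tcp")

# Constructed sample alerts, not taken from any real sensor.
SAMPLE_ALERTS = [
    Alert("198.51.100.3", "udp", False, "dns-flood"),
    Alert("192.0.2.1", "tcp", False, "syn-scan"),
    Alert("192.0.2.254", "tcp", True, "bgp-anomaly"),
    Alert("203.0.113.50", "tcp", False, "syn-scan"),
    Alert("203.0.113.50", "tcp", True, "http-attack"),
]

def summarize(alerts):
    """Pair each alert's source with the decision made for it."""
    return [(a.src,) + decide(a) for a in alerts]

if __name__ == "__main__":
    for row in summarize(SAMPLE_ALERTS):
        print(row)
```

Alerts that come back as `alert-only` still belong in front of an operator; the guard only removes the automatic action.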


