<div dir="ltr">How else are you supposed to stop the hackers if you can't block ICMP???<br><br><span style="color:rgb(204,204,204)"><font size="1">=)</font></span><br><div><div class="gmail_extra"><br><div class="gmail_quote">
On 21 May 2014 09:05, Luca Salvatore <span dir="ltr"><<a href="mailto:luca@digitalocean.com" target="_blank">luca@digitalocean.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">There's a special place in Hell reserved for people (especially providers) who block ICMP ;-)</div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Tue, May 20, 2014 at 9:13 PM, Damien Gardner Jnr <span dir="ltr"><<a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Pen-test scenario? It used to be the shits-and-giggles pastime at the Canberra 2600 meets, seeing how many networks could be dropped off in the same 1-hour block because they auto-blackholed <a href="http://uneeda.telstra.net" target="_blank">uneeda.telstra.net</a>, their upstream gateway, their providers BGP IP, etc etc :-p<br>
<br>
Automatic blackholing based anything but full connection TCP is a pretty dumb idea mmmkay :)<br>
<span><font color="#888888"><br>
—DG<br>
</font></span><div><div><br>
<br>
On 20 May 2014, at 8:54 pm, Shain Singh <<a href="mailto:shain.singh@gmail.com" target="_blank">shain.singh@gmail.com</a>> wrote:<br>
<br>
> Blocking arbitrary blocks is fraught with danger...<br>
><br>
>><br>
>> With regards to arbitrarily blocking whole country netblocks; sure, some<br>
>> people do it. Having your IDS/IPS temporarily block trouble addresses is<br>
>> probably a better solution if you want to go down that path, though.<br>
>><br>
><br>
> Common pen-test scenario for if you have an IDS/IPS setup to<br>
> temporarily block based on attack signatures is to make your attacks<br>
> look like they originate from root DNS servers.<br>
><br>
><br>
> --<br>
> Shaineel Singh<br>
> e: <a href="mailto:shain.singh@gmail.com" target="_blank">shain.singh@gmail.com</a><br>
> p: <a href="tel:%2B61%20422%20921%20951" value="+61422921951" target="_blank">+61 422 921 951</a><br>
> w: <a href="http://buffet.shainsingh.com" target="_blank">http://buffet.shainsingh.com</a><br>
><br>
> --<br>
> "Too many have dispensed with generosity to practice charity" - Albert Camus<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div dir="ltr">Luca Salvatore<div>Network Engineer</div><div>DigitalOcean</div><div>AUS: <a href="tel:%2B61%20414%20700%20383" value="+61414700383" target="_blank">+61 414 700 383</a></div>
<div>USA: <a href="tel:%2B1%20%28347%29%20305-4030" value="+13473054030" target="_blank">+1 (347) 305-4030</a></div></div>
</font></span></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div></div></div>