<div dir="ltr">There's a special place in Hell reserved for people (especially providers) who block ICMP ;-)</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 20, 2014 at 9:13 PM, Damien Gardner Jnr <span dir="ltr"><<a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Pen-test scenario? It used to be the shits-and-giggles pastime at the Canberra 2600 meets, seeing how many networks could be dropped off in the same 1-hour block because they auto-blackholed <a href="http://uneeda.telstra.net" target="_blank">uneeda.telstra.net</a>, their upstream gateway, their providers BGP IP, etc etc :-p<br>
<br>
Automatic blackholing based anything but full connection TCP is a pretty dumb idea mmmkay :)<br>
<span class="HOEnZb"><font color="#888888"><br>
—DG<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On 20 May 2014, at 8:54 pm, Shain Singh <<a href="mailto:shain.singh@gmail.com">shain.singh@gmail.com</a>> wrote:<br>
<br>
> Blocking arbitrary blocks is fraught with danger...<br>
><br>
>><br>
>> With regards to arbitrarily blocking whole country netblocks; sure, some<br>
>> people do it. Having your IDS/IPS temporarily block trouble addresses is<br>
>> probably a better solution if you want to go down that path, though.<br>
>><br>
><br>
> Common pen-test scenario for if you have an IDS/IPS setup to<br>
> temporarily block based on attack signatures is to make your attacks<br>
> look like they originate from root DNS servers.<br>
><br>
><br>
> --<br>
> Shaineel Singh<br>
> e: <a href="mailto:shain.singh@gmail.com">shain.singh@gmail.com</a><br>
> p: <a href="tel:%2B61%20422%20921%20951" value="+61422921951">+61 422 921 951</a><br>
> w: <a href="http://buffet.shainsingh.com" target="_blank">http://buffet.shainsingh.com</a><br>
><br>
> --<br>
> "Too many have dispensed with generosity to practice charity" - Albert Camus<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Luca Salvatore<div>Network Engineer</div><div>DigitalOcean</div><div>AUS: +61 414 700 383</div><div>USA: +1 (347) 305-4030</div></div>
</div>