[AusNOG] network security Question
Shain Singh
shain.singh at gmail.com
Tue May 20 20:54:03 EST 2014
Blocking arbitrary blocks is fraught with danger...
>
> With regards to arbitrarily blocking whole country netblocks; sure, some
> people do it. Having your IDS/IPS temporarily block trouble addresses is
> probably a better solution if you want to go down that path, though.
>
Common pen-test scenario for if you have an IDS/IPS setup to
temporarily block based on attack signatures is to make your attacks
look like they originate from root DNS servers.
--
Shaineel Singh
e: shain.singh at gmail.com
p: +61 422 921 951
w: http://buffet.shainsingh.com
--
"Too many have dispensed with generosity to practice charity" - Albert Camus
More information about the AusNOG
mailing list