Comments on: Effectively Completing the Attack (and this posting)… http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/ A weblog dedicated to educating the community on security threats that matter Fri, 21 Nov 2008 15:07:33 +0000 http://wordpress.org/?v=abc By: System Advancements at the Monastery » Blog Archive » From Cyber Space with Love http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/#comment-123235 System Advancements at the Monastery » Blog Archive » From Cyber Space with Love Sat, 24 May 2008 02:58:47 +0000 http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/#comment-123235 [...] employ something akin to a BGP blackhole routing function that results in all packets destined to those three specific IPs, or the covering prefixes, being discarded as a result of null or discard next hop packet forwarding policies, as discussed here [...] [...] employ something akin to a BGP blackhole routing function that results in all packets destined to those three specific IPs, or the covering prefixes, being discarded as a result of null or discard next hop packet forwarding policies, as discussed here [...]

]]> By: Danny McPherson http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/#comment-43 Danny McPherson Fri, 05 May 2006 19:49:23 +0000 http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/#comment-43 As usual, good point Chris. Though I'm not sure "No one cares", as usually someone cares - it's just that that someone doesn't matter (re: $) very much for whatever reason :-) Nonetheless, I'll see if there's a way to capture this observation in future cuts.. Thanks for the comments! As usual, good point Chris. Though I’m not sure “No one cares”, as usually someone cares - it’s just that that someone doesn’t matter (re: $) very much for whatever reason :-)

Nonetheless, I’ll see if there’s a way to capture this observation in future cuts..

Thanks for the comments!

]]> By: Chris Morrow http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/#comment-27 Chris Morrow Mon, 01 May 2006 02:06:31 +0000 http://asert.arbornetworks.com/2006/04/effectively-completing-the-attack-and-this-posting/#comment-27 So, one thing to keep in mind here is that often, a vast majority of the time actually, the attacked host is not important to anyone involved. No one cares if shell-server-2's 33'rd vhost is 'offline'. In cases where the destination ip address is 'important' obviously the 'complete the attack' solution is not implemented. Perhaps it's hard to encapsulate this sort of thing in the survey or results? Thanks for the results and survey though :) So, one thing to keep in mind here is that often, a vast majority of the time actually, the attacked host is not important to anyone involved. No one cares if shell-server-2’s 33′rd vhost is ‘offline’.

In cases where the destination ip address is ‘important’ obviously the ‘complete the attack’ solution is not implemented. Perhaps it’s hard to encapsulate this sort of thing in the survey or results?

Thanks for the results and survey though :)

]]>