[Dshield] Dshield listing of load-balancers / proposal for LB registry

Miles Stevenson miles at mstevenson.org
Wed Oct 27 21:03:12 GMT 2004


Hi Frank! 

<snip>
> What is the opinion of this list regarding creation of such an
> load-balancer registry? Would it add value as I hope?
</snip>

Garbage traffic is garbage traffic, regardless of "intent". If a load balancer 
is spitting potentially hostile garbage at my network, my first and only 
priority is to stop that traffic. It doesn't really matter to me whether it 
came from a blackhat or a harmless load balancer. All that matters is that it 
is happening, and that is must be stopped.

I think reporting this garbage traffic via DShield is a GOOD thing. It helps 
put pressure on companies who are spewing this garbage traffic. It helps 
pressure them to STOP spewing garbage traffic. The argument "but we are not 
attacking you, its just our <insert product here> load balancer spewing 
harmless garbage at you" is not valid in my opinion. I would still respond, 
"stop spewing garbage at me". Just because a company desires to use a 
particular product, doesn't give them an excuse to spew garbage at others. In 
my opinion, nothing gives you a valid excuse to spew garbage at me, and it is 
perfectly acceptable for me to publicy announce that you are spewing garbage 
at me (DShield).

I think your point DOES show that the DShield statistics do NOT indicate the 
intent of the garbage traffic. It is valuable to realize that we can't look 
at these stats and conclude that all of the garbage is malicous in its 
intent. But as far as I'm concerned, it doesn't matter. Garbage is garbage.

So no, I do NOT think it would be valuable to have a load balancer "whitelist" 
as you propose, because this eliminates the pressure put on companies to stop 
spewing garbage. If you need to buy a different load balancer, fine. It's 
none of my concern HOW you stop spitting garbage at me, only that you DO 
stop. In my opinion, such a whitelist would do more harm than good.

Regards,

-- 
Miles Stevenson
miles at mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20041027/dc0e71f5/attachment.bin


More information about the list mailing list