From: "Dawson, Peter D" <Dawson(_dot_)Peter(_at_)emeryworld(_dot_)com>
...
I agree on the technical reality of tbyte storage/tcpdump etc...
(really technical unreality)
Technical reality always trumps political blather everywhere
that matters.
Yes, but if I were behind a DMZ and my IDS triggers... and if I got a
source address .. my question is...
would 'THe ISP' provide any type of information to negate the threat ? is
this a political problem?? , beyond technical reality or just plain
non-compliance to 'Collabration' ???
How do you identify "The ISP"? RFC 2267 is about ingress filtering,
but not egress filtering, logging, flagging, or informing.
If you do trust that the IP source address is valid, then what do you need
with anything more than we've had for decades? Why can't you telephone
a domain contact, and get whatever information or promises of action that
the other guy is willing and able to give?
As for negating threats, regardless of what the apparent source says,
don't you think that the wise course for you is to ensure that your own
defenses render the attack harmless?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com