Bogon list or Dshield.org type list
Charles Sprickman
spork at inch.com
Sun Jul 28 07:36:10 UTC 2002
I looked up a nameserver that I once worked with and found that it is
"attacking" from port 53. Needless to say, it's not hacked, it's
answering queries.
Charles
--
Charles Sprickman
spork at inch.com
On Sat, 27 Jul 2002, Johannes Ullrich wrote:
>
>
> I do not recommend adding every IP listed at DShield to your filter.
> We do publish a 'block list', of the worst networks (based on reports
> for the last 5 days).
>
> Quick note on our methods: We basically aggregate firewall logs and
> offer summarized reports. The reports should allow everyone to apply
> their own judgment.
>
> For the block list:
> http://www.dshield.org/block_list_info.html
>
>
>
> On Sat, 27 Jul 2002 20:19:47 -0400
> "Phil Rosenthal" <pr at isprime.com> wrote:
>
> > I can comment on the dshield list.
> > I have seen this before. I am checking one particular IP on my network
> > that has a very popular freehost on it. Checking the load balancer IP
> > (connections cannot be originated from this IP) -- it shows that there
> > were 13 attacks initiated from the IP, and 7 targets. Whatever their
> > algorithm is, it doesn't seem reliable enough for me to trust it if an
> > IP that can not originate connections is listed as an attacker (albeit
> > small on their list)
> > --Phil
> >
> > -----Original Message-----
> > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> > alsato
> > Sent: Saturday, July 27, 2002 8:08 PM
> > To: nanog at merit.edu
> > Subject: Bogon list or Dshield.org type list
> >
> >
> >
> > Im wondering how many of you use Bogon Lists and
> > http://www.dshield.org/top10.html type lists on your routers? Im
> > curious to know if you are an ISP with customers or backbone provider
> > or someone else? I have a feeling not many people use these on routers?
> > Im wondering why or why not?
> > Ive never used them on my routers although I work for a new isp/cable
> > provider. Im thinking it would make my users happy to use them though.
> >
> >
> > alsato
> >
> >
>
>
> --
> ---------------------------------------------------------------
> jullrich at sans.org Collaborative Intrusion Detection
> join http://www.dshield.org
>
More information about the NANOG
mailing list