Bogon list or Dshield.org type list

Charles Sprickman spork at inch.com
Sun Jul 28 07:36:10 UTC 2002


I looked up a nameserver that I once worked with and found that it is
"attacking" from port 53.  Needless to say, it's not hacked, it's
answering queries.

Charles

--
Charles Sprickman
spork at inch.com


On Sat, 27 Jul 2002, Johannes Ullrich wrote:

>
>
> I do not recommend adding every IP listed at DShield to your filter.
> We do publish a 'block list', of the worst networks (based on reports
> for the last 5 days).
>
> Quick note on our methods: We basically aggregate firewall logs and
> offer summarized reports. The reports should allow everyone to apply
> their own judgment.
>
> For the block list:
> http://www.dshield.org/block_list_info.html
>
>
>
> On Sat, 27 Jul 2002 20:19:47 -0400
> "Phil Rosenthal" <pr at isprime.com> wrote:
>
> > I can comment on the dshield list.
> > I have seen this before.  I am checking one particular IP on my network
> > that has a very popular freehost on it.  Checking the load balancer IP
> > (connections cannot be originated from this IP) -- it shows that there
> > were 13 attacks initiated from the IP, and 7 targets.  Whatever their
> > algorithm is, it doesn't seem reliable enough for me to trust it if an
> > IP that can not originate connections is listed as an attacker (albeit
> > small on their list)
> > --Phil
> >
> > -----Original Message-----
> > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> > alsato
> > Sent: Saturday, July 27, 2002 8:08 PM
> > To: nanog at merit.edu
> > Subject: Bogon list or Dshield.org type list
> >
> >
> >
> > Im wondering how many of you use Bogon Lists and
> > http://www.dshield.org/top10.html type lists on your routers?  Im
> > curious to know if you are an ISP  with customers or backbone provider
> > or someone else?  I have a feeling not many people use these on routers?
> > Im wondering why or why not?
> >  Ive never used them on my routers although I work for a new isp/cable
> > provider.  Im thinking it would make my users happy to use them though.
> >
> >
> > alsato
> >
> >
>
>
> --
> ---------------------------------------------------------------
> jullrich at sans.org             Collaborative Intrusion Detection
>                                     join http://www.dshield.org
>




More information about the NANOG mailing list