Worst Offenders/Active Attackers blacklists

Tomas L. Byrnes tomb at byrneit.net
Sun Jan 27 20:21:27 UTC 2008


There are a number of public network attacker threat feeds available,
the most well know of which, AFAIK, is the Internet Storm Center's
DShield system. I know a few network operators, including at least one
on this list, also run private versions of the DShield system.
 
Are there many others? 
 
Do any or most network operators have some sort of private current block
list that gets pushed out to routers and or firewalls/traffic shapers in
real time?
 
I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're
currently propagating the DShield, and some other, block lists for use
in firewalls. I'm interested in gathering additional threat information,
and serving additional communities.
 
Is there any interest in a collaborative platform where anonymized
candidates for blocking would be submitted by a trusted group, and then
propagated out to the whole group?
 
I'd be happy to collect responses anonymously and submit a summary back
to the list, if people don't want to open this up on the list.
 
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080127/156f9db5/attachment.html>


More information about the NANOG mailing list