Worst Offenders/Active Attackers blacklists

Valdis.Kletnieks at vt.edu
Mon Jan 28 23:22:53 UTC 2008


On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said:
> I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're
> currently propagating the DShield, and some other, block lists for use
> in firewalls. I'm interested in gathering additional threat information,
> and serving additional communities.
>
> Is there any interest in a collaborative platform where anonymized
> candidates for blocking would be submitted by a trusted group, and then
> propagated out to the whole group?

http://www.ranum.com/security/computer_security/editorials/dumb/

This illustrates dumb idea #2.  Explain to me how you intend to enumerate
enough of the "bad" hosts out there that such a blocklist would help, while
still having it small enough that you don't blow out the RAM on whatever
device you're installing it on.  Have you *tested* whatever iptables/ipf/ACL
for proper operation with 10 million entries?





More information about the NANOG mailing list