Worst Offenders/Active Attackers blacklists

Jason J. W. Williams williamsjj at digitar.com
Mon Jan 28 23:33:30 UTC 2008


My suggestion would be not even to try iptables. It'll take hours just
to load 10 million entries. There's no efficient mass loading interface.

-J

> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf
Of
> Valdis.Kletnieks at vt.edu
> Sent: Monday, January 28, 2008 4:23 PM
> To: Tomas L. Byrnes
> Cc: nanog at nanog.org
> Subject: Re: Worst Offenders/Active Attackers blacklists
> 
> On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said:
> > I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and
we're
> > currently propagating the DShield, and some other, block lists for
> use
> > in firewalls. I'm interested in gathering additional threat
> > information, and serving additional communities.
> >
> > Is there any interest in a collaborative platform where anonymized
> > candidates for blocking would be submitted by a trusted group, and
> > then propagated out to the whole group?
> 
> http://www.ranum.com/security/computer_security/editorials/dumb/
> 
> This illustrates dumb idea #2.  Explain to me how you intend to
> enumerate enough of the "bad" hosts out there that such a blocklist
> would help, while still having it small enough that you don't blow out
> the RAM on whatever device you're installing it on.  Have you *tested*
> whatever iptables/ipf/ACL for proper operation with 10 million
entries?
> 
> 



More information about the NANOG mailing list