Firewall Wizards mailing list archives
Re: Lists of IP's we should be blocking
From: Adam Shostack <adam () homeport org>
Date: Sun, 12 Dec 2004 12:56:35 -0500
On Sat, Dec 11, 2004 at 05:22:06PM -0800, Crispin Cowan wrote: | Bruce Smith wrote: | | >Is there a list of dangerous, evil IP's that should be blocked or at least | >watched closely at the borders of the Internet? Address like virus targets, | >root-kit sources and so forth. | > | >And what is the group's opinion on the idea of a general purpose dark IP | >list? | > | > | I think the idea is good only for brushing off ankle-biter threats. The | problem is that serious attackers can acquire new IPs at will through a | substantial pool of zombie nodes on consumer broadband networks, and so | deliberate attacks that come at you will almost certainly *not* be on | anyone's dark IP list. Not to mention, your real customers may well be on those zombie machines. If you're a bank, do you want your customers calling *your* tech support line to fix their spyware problems? Admittedly, having your customers' passwords stolen is bad and annoying. But its probably less expensive *to you* than the support call, unless your money transfer controls are weak. If you're a bank, and your answer is yes, you want me calling with my spyware concerns, please let me know which bank. I'll have everyone I know open up a $100 savings account with you so that people stop calling me with their spyware problems. The belief that a list of 'bad identities' will help security is suprisingly persistant. We see it distorting air travel safety. (Just ask Congressmen Ted Kennedy or John Lewis, or any David Nelson you meet, or Johnnie Thomas, or...) Let's not let it distort internet security as well. Adam _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Lists of IP's we should be blocking Bruce Smith (Dec 11)
- Re: Lists of IP's we should be blocking Devdas Bhagat (Dec 12)
- Re: Lists of IP's we should be blocking Crispin Cowan (Dec 12)
- Re: Lists of IP's we should be blocking Adam Shostack (Dec 12)
- Re: Lists of IP's we should be blocking Paul D. Robertson (Dec 12)
- Re: Lists of IP's we should be blocking Crispin Cowan (Dec 12)
- Re: Lists of IP's we should be blocking Paul D. Robertson (Dec 12)
- RE: Lists of IP's we should be blocking Bruce Smith (Dec 12)
- RE: Lists of IP's we should be blocking Mark . Boltz (Dec 12)
- Re: Lists of IP's we should be blocking Adam Shostack (Dec 12)