Full Disclosure mailing list archives
Re: Compromised hosts lists
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 21 Feb 2006 13:43:44 -0600
On Mon, 2006-02-20 at 22:40 -0500, Valdis.Kletnieks () vt edu wrote:
On Mon, 20 Feb 2006 16:55:06 MST, James Lay said:I had heard tale of a site that had a semi-updated list of compromised hosts. I was hoping that someone knows that link...would LOVE to be able to get my firewall to get this list and auto-create an iptables rule. Thanks all!The secure way to do this is to first deny *all* traffic, and then add specific rules for machines that you *do* want to talk to.
Would you apply the same thinking to *outbound* traffic by first denying all outbound traffic, and then adding rules for, say eBay, Slashdot, etc? While real time firewall blocking of inbound threats reaches exhaustion fast, I think a real time block of threats that you might accidentally connect to outbound (like phishing sites or botnet C&Cs) does indeed make sense as a) the volume is typically lower, and b) you usually restrict outbound traffic only by port/service . What are your thoughts on that? Cheers, Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromised hosts lists James Lay (Feb 20)
- Re: Compromised hosts lists Jason Coombs (Feb 20)
- Re: Compromised hosts lists Gadi Evron (Feb 20)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 20)
- Re: Compromised hosts lists James Lay (Feb 21)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- Re: Compromised hosts lists Frank Knobbe (Feb 21)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- Re: Compromised hosts lists James Lay (Feb 21)
- <Possible follow-ups>
- Re: Compromised hosts lists security czar (Feb 22)