funsec mailing list archives
Re: 95% of User Generated Content is spam or malicious
From: Rich Kulawiec <rsk () gsp org>
Date: Thu, 18 Feb 2010 09:47:31 -0500
[ I read funsec, there is no need to send a superfluous second copy of messages to my address. ]

On Mon, Feb 15, 2010 at 09:28:08AM -0800, Tomas L. Byrnes wrote:
> If you're not using Bogons, DShield, Shadowserver, and the SRI MTC, you're missing the recon bots, new malware drive-by seeds, and the C&Cs.

I have my own methods, tyvm, that largely alleviate the need for me to care about such things. Oh, yes, I know that they exist and I have a fair understanding of how they work, what they can do, etc., but as I move more and more toward a default-deny model, it really doesn't matter. (e.g., I'm sure that there are hosts that fit these descriptions in, let's say, China. Doesn't matter, as I've bidirectionally blocked all traffic to every known allocated network assigned there. Lather, rinse, repeat for a lot of other locales.)

We are well past the time when default-permit policies are workable. The question that everyone should be asking is "Do I *need* to accept or send traffic to country A or network B? And if I do, on what ports does this need exist? And should I rate-limit it?" The answers are increasingly "no, no, only a few, and yes" for nearly all operations.

So rather than using a default-permit policy and trying to list the exceptions, we should be working in the opposite direction. It's sad that we've reached this point, but as Ranum points out, "enumerating badness" is a failed strategy. And thanks to the negligent, incompetent, cheap, lazy, stupid network operators out there who permit abuse to escape their operations on a systemic and chronic basis, we really have very little choice. It's simply not worth trying to winnow tiny amounts of wheat from enormous amounts of chaff.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
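
The contrast drawn in the message above, between listing exceptions under default-permit and working in the opposite direction, as an added example (not part of the original post or any poster's configuration). The rule fields, the RFC 5737 documentation ranges, the limits and the 60-second window are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample data: RFC 5737 documentation ranges, not real peers.
BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]
# Allow rules: (network, direction, port, max accepted packets per window).
ALLOW = [
    (ipaddress.ip_network("192.0.2.0/24"), "in", 25, 3),
    (ipaddress.ip_network("192.0.2.0/24"), "out", 443, 5),
]


def default_permit(peer, blocklist=BLOCKLIST):
    """Enumerating badness: anything not yet listed is let through."""
    addr = ipaddress.ip_address(peer)
    return "drop:listed" if any(addr in net for net in blocklist) else "accept"


class DefaultDenyPolicy:
    """Accept only traffic matching an explicit need, and rate-limit even that."""

    def __init__(self, rules=ALLOW, window=60.0):
        self.rules = rules
        self.window = window
        self.seen = defaultdict(deque)  # (rule index, peer) -> accept timestamps

    def decide(self, peer, direction, port, now):
        addr = ipaddress.ip_address(peer)
        for i, (net, rule_dir, rule_port, limit) in enumerate(self.rules):
            if addr in net and direction == rule_dir and port == rule_port:
                stamps = self.seen[(i, addr)]
                # Forget accepts that have aged out of the sliding window.
                while stamps and now - stamps[0] >= self.window:
                    stamps.popleft()
                if len(stamps) >= limit:
                    return "drop:rate-limit"
                stamps.append(now)
                return "accept"
        # No stated need for this network/direction/port: drop, both ways.
        return "drop:default-deny"
```

A host that no feed has listed yet (here 203.0.113.7) passes `default_permit` but is dropped by `DefaultDenyPolicy`, which is the gap the message attributes to default-permit.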