Security Incidents mailing list archives
Re: IP Black list?
From: root () RGFSPARC CR USGS GOV (Robert G. Ferrell)
Date: Tue, 16 May 2000 09:11:37 -0500
I'm curious to know what folks think of the idea of a real-time blacklist for misbehaving IP addresses/blocks. Some reputable person/organization could maintain it, trusted folks known to the co-ordinator could recommend IPs to blockade, and then anyone who chose to could implement the list into router or firewall rules.
Hi Stuart,

I certainly understand your frustration with misbehaving IPs, and I think something should be done to encourage the administrators of those IPs to clean up their acts. However, I'm a little reluctant to lend my support to a blacklist. I've known very competent admins who've had systems put on the ORBS blacklist before because they were relaying mail (and none of the situations were simple cases of accidental misconfiguration). While I understand their reasoning, the attitude they've adopted is (IMO) arrogant and sanctimonious, and their world view is, for my taste, a bit too black and white. Testing a mail server for an open relay is equivalent to other forms of fingerprinting, AFAIC.

While having the Internet police itself is the best way to run things, I think, it is important that as we do so we subscribe not only to the practice of competency, but also to that of civility. If we could operate this database in such a way that does not insult the (alleged) violators and takes into account any special circumstances that surround a seeming violation, then it could be of great use. But let's not call it a "blacklist." That's pretty demeaning. How about simply a Database of Potentially Problem IP Addresses, or something along those lines?

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center, US DoI
Robert_G_Ferrell () nbc gov
------------------------------------------------------------
Nothing I have ever said should be construed as even vaguely
representing an official statement by the NBC or DoI.
------------------------------------------------------------