nanog mailing list archives
RE: Worst Offenders/Active Attackers blacklists
From: "Jason J. W. Williams" <williamsjj () digitar com>
Date: Mon, 28 Jan 2008 16:33:30 -0700
My suggestion would be not even to try iptables. It'll take hours just to load 10 million entries. There's no efficient mass loading interface.

-J

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Valdis.Kletnieks () vt edu
Sent: Monday, January 28, 2008 4:23 PM
To: Tomas L. Byrnes
Cc: nanog () nanog org
Subject: Re: Worst Offenders/Active Attackers blacklists

On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said:

> I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're
> currently propagating the DShield, and some other, block lists for use
> in firewalls. I'm interested in gathering additional threat information,
> and serving additional communities. Is there any interest in a
> collaborative platform where anonymized candidates for blocking would be
> submitted by a trusted group, and then propagated out to the whole group?

http://www.ranum.com/security/computer_security/editorials/dumb/

This illustrates dumb idea #2.

Explain to me how you intend to enumerate enough of the "bad" hosts out there that such a blocklist would help, while still having it small enough that you don't blow out the RAM on whatever device you're installing it on. Have you *tested* whatever iptables/ipf/ACL for proper operation with 10 million entries?