nanog mailing list archives
Re: Worst Offenders/Active Attackers blacklists
From: Joel Jaeggli <joelja () bogus com>
Date: Tue, 29 Jan 2008 09:04:40 -0800
Patrick W. Gilmore wrote:
Perhaps combine the two? Have a stateful firewall which also checks DNSBLs? I can see why that would be attractive to someone, but still not a good idea. Not to mention no DNSBL operator would let any reasonably sized network query them for every new source address - the load would squash the name servers.
If you want the sort of performance you expect from your firewall now your going to have to evaluate the source on the basis of locally available information. bgp based blocklist would be a more sensible approach than an dnsbl. Then it's a question of how many blackhole prefixs you're willing to carry in your firewall's table...
As I mentioned, zone transfer the DNSBL and check against that might add a modicum of usefulness, but still has lots of bad side effects. Then again, what do I know? Please implement this in production and show me I'm wrong. I smell a huge business opportunity if you can get it to work!
Current thread:
- Worst Offenders/Active Attackers blacklists Tomas L. Byrnes (Jan 27)
- Re: Worst Offenders/Active Attackers blacklists Valdis . Kletnieks (Jan 28)
- RE: Worst Offenders/Active Attackers blacklists Jason J. W. Williams (Jan 28)
- Re: Worst Offenders/Active Attackers blacklists Andrew D Kirch (Jan 28)
- Re: Worst Offenders/Active Attackers blacklists Patrick W. Gilmore (Jan 28)
- Re: Worst Offenders/Active Attackers blacklists Jim Popovitch (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Patrick W. Gilmore (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Joel Jaeggli (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Edward B. DREGER (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Andrew D Kirch (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Patrick W. Gilmore (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Edward B. DREGER (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Patrick W. Gilmore (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Edward B. DREGER (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Valdis . Kletnieks (Jan 28)
- RE: Worst Offenders/Active Attackers blacklists Ben Butler (Jan 29)
- Re: Worst Offenders/Active Attackers blacklists Christopher Morrow (Jan 29)