North American Network Operators Group

Re: RBL-type BGP service for known rogue networks?

  • From: Shawn McMahon
  • Date: Thu Jul 06 23:43:15 2000

On Thu, Jul 06, 2000 at 07:35:19PM -0400, Mark Mentovai wrote:
> 
> If break-ins are what you're trying to avoid, a blacklist would be a terrible
> idea.  The proper way to prevent break-ins is not to block communications
> with certain sites, but to fix broken software and poorly configured systems
> so that any break-in attempts will be unsuccessful.  A blacklist would only
> encourage your would-be attacker to employ additional intermediaries,
> thereby potentially causing more damage for more people while making the
> ultimate source more difficult to trace.

If your attacker is somebody who decided he wanted in your site no matter what,
and is engaged in a concerted attack on specifically you, that might be true.

If your attacker is Joe Random Script Kiddie, who spotted you running Vulnerability
Of the Week and is trying the few exploits he could get to compile, you're
wrong.

The most effective anti-hacking measure I ever undertook was blocking the entire
.kr domain in hosts.deny.

It cut attempts by more than 50%.

(Before anybody jumps on me, the network in question had no users with a legitimate
need to connect from Korea, and your mileage almost assuredly varies.)
