|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Bogon list or Dshield.org type list
I do not recommend adding every IP listed at DShield to your filter. We do publish a 'block list', of the worst networks (based on reports for the last 5 days). Quick note on our methods: We basically aggregate firewall logs and offer summarized reports. The reports should allow everyone to apply their own judgment. For the block list: http://www.dshield.org/block_list_info.html On Sat, 27 Jul 2002 20:19:47 -0400 "Phil Rosenthal" <[email protected]> wrote: > I can comment on the dshield list. > I have seen this before. I am checking one particular IP on my network > that has a very popular freehost on it. Checking the load balancer IP > (connections cannot be originated from this IP) -- it shows that there > were 13 attacks initiated from the IP, and 7 targets. Whatever their > algorithm is, it doesn't seem reliable enough for me to trust it if an > IP that can not originate connections is listed as an attacker (albeit > small on their list) > --Phil > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > alsato > Sent: Saturday, July 27, 2002 8:08 PM > To: [email protected] > Subject: Bogon list or Dshield.org type list > > > > Im wondering how many of you use Bogon Lists and > http://www.dshield.org/top10.html type lists on your routers? Im > curious to know if you are an ISP with customers or backbone provider > or someone else? I have a feeling not many people use these on routers? > Im wondering why or why not? > Ive never used them on my routers although I work for a new isp/cable > provider. Im thinking it would make my users happy to use them though. > > > alsato > > -- --------------------------------------------------------------- [email protected] Collaborative Intrusion Detection join http://www.dshield.org
|