North American Network Operators Group

Re: Bogon list or Dshield.org type list
I looked up a nameserver that I once worked with and found that it is
"attacking" from port 53. Needless to say, it's not hacked, it's
answering queries.

Charles

--
Charles Sprickman
[email protected]

On Sat, 27 Jul 2002, Johannes Ullrich wrote:

> I do not recommend adding every IP listed at DShield to your filter.
> We do publish a 'block list', of the worst networks (based on reports
> for the last 5 days).
>
> Quick note on our methods: We basically aggregate firewall logs and
> offer summarized reports. The reports should allow everyone to apply
> their own judgment.
>
> For the block list:
> http://www.dshield.org/block_list_info.html
>
> On Sat, 27 Jul 2002 20:19:47 -0400
> "Phil Rosenthal" <[email protected]> wrote:
>
> > I can comment on the dshield list.
> > I have seen this before. I am checking one particular IP on my network
> > that has a very popular freehost on it. Checking the load balancer IP
> > (connections cannot be originated from this IP) -- it shows that there
> > were 13 attacks initiated from the IP, and 7 targets. Whatever their
> > algorithm is, it doesn't seem reliable enough for me to trust it if an
> > IP that cannot originate connections is listed as an attacker (albeit
> > small on their list).
> > --Phil
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of alsato
> > Sent: Saturday, July 27, 2002 8:08 PM
> > To: [email protected]
> > Subject: Bogon list or Dshield.org type list
> >
> > I'm wondering how many of you use Bogon Lists and
> > http://www.dshield.org/top10.html type lists on your routers? I'm
> > curious to know if you are an ISP with customers or backbone provider
> > or someone else? I have a feeling not many people use these on routers?
> > I'm wondering why or why not?
> > I've never used them on my routers although I work for a new ISP/cable
> > provider. I'm thinking it would make my users happy to use them though.
> >
> > alsato
>
> --
> ---------------------------------------------------------------
> [email protected] Collaborative Intrusion Detection
> join http://www.dshield.org