|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Worst Offenders/Active Attackers blacklists
On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said: > I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're > currently propagating the DShield, and some other, block lists for use > in firewalls. I'm interested in gathering additional threat information, > and serving additional communities. > > Is there any interest in a collaborative platform where anonymized > candidates for blocking would be submitted by a trusted group, and then > propagated out to the whole group? http://www.ranum.com/security/computer_security/editorials/dumb/ This illustrates dumb idea #2. Explain to me how you intend to enumerate enough of the "bad" hosts out there that such a blocklist would help, while still having it small enough that you don't blow out the RAM on whatever device you're installing it on. Have you *tested* whatever iptables/ipf/ACL for proper operation with 10 million entries? Attachment:
pgp00037.pgp
|