|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Worst Offenders/Active Attackers blacklists
My suggestion would be not even to try iptables. It'll take hours just to load 10 million entries. There's no efficient mass loading interface. -J > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > [email protected] > Sent: Monday, January 28, 2008 4:23 PM > To: Tomas L. Byrnes > Cc: [email protected] > Subject: Re: Worst Offenders/Active Attackers blacklists > > On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said: > > I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're > > currently propagating the DShield, and some other, block lists for > use > > in firewalls. I'm interested in gathering additional threat > > information, and serving additional communities. > > > > Is there any interest in a collaborative platform where anonymized > > candidates for blocking would be submitted by a trusted group, and > > then propagated out to the whole group? > > http://www.ranum.com/security/computer_security/editorials/dumb/ > > This illustrates dumb idea #2. Explain to me how you intend to > enumerate enough of the "bad" hosts out there that such a blocklist > would help, while still having it small enough that you don't blow out > the RAM on whatever device you're installing it on. Have you *tested* > whatever iptables/ipf/ACL for proper operation with 10 million entries? > >
|