North American Network Operators Group

Re: Worst Offenders/Active Attackers blacklists
On Jan 29, 2008, at 9:43 AM, Jim Popovitch wrote:

> On Jan 29, 2008 12:58 AM, Patrick W. Gilmore <[email protected]> wrote:
>> A general purpose host or firewall is NOTHING like a mail server.
>
> I read that, but discounted it.

There has been more than one single-packet compromise in the past. Not really a good idea to let packets through for a while, _then_ decide to stop them. Kinda closing the barn door after yada yada yada.

> Perhaps combine the two? Have a stateful firewall which also checks DNSBLs?

I can see why that would be attractive to someone, but still not a good idea.

Not to mention no DNSBL operator would let any reasonably sized network query them for every new source address - the load would squash the name servers.

As I mentioned, zone transfer the DNSBL and check against that might add a modicum of usefulness, but still has lots of bad side effects.

Then again, what do I know? Please implement this in production and show me I'm wrong. I smell a huge business opportunity if you can get it to work!

-- 
TTFN,
patrick
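The two lookup styles discussed in the thread, a per-packet DNSBL query versus a check against a locally held copy of the zone, differ mainly in where the lookup happens; the name being looked up is the same. The following is an added example, not code from the thread or from any DNSBL operator: it builds the reverse-octet query name a DNSBL lookup would send, then parses a constructed (not real) AXFR-style zone snippet into a local table so a filter can consult it without touching the list operator's name servers. The zone name `bl.example.invalid` and the return codes are assumptions for illustration.

```python
import ipaddress

# Hypothetical DNSBL zone name (assumption; not a real list).
DNSBL_ZONE = "bl.example.invalid"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Return the name a live DNSBL lookup would query for `ip`.

    DNSBLs key on the reversed dotted-quad, e.g. 1.2.3.4 -> 4.3.2.1.<zone>.
    Doing this query for every new source address on a firewall is the
    per-packet load the thread warns about.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


# Constructed sample of what a zone transfer of such a list might return
# (fabricated records for illustration only).
SAMPLE_ZONE = """\
4.3.2.1.bl.example.invalid.    3600 IN A   127.0.0.2
4.3.2.1.bl.example.invalid.    3600 IN TXT "listed: open relay"
8.7.6.5.bl.example.invalid.    3600 IN A   127.0.0.4
1.0.0.127.bl.example.invalid.  3600 IN A   127.0.0.2
"""


def parse_zone(text, zone=DNSBL_ZONE):
    """Turn transferred A records back into {ip: return_code}.

    Only A records are listings; TXT records carry the human-readable
    reason and are skipped. The owner name is un-reversed to the address.
    """
    listed = {}
    suffix = "." + zone + "."
    for line in text.splitlines():
        parts = line.split()
        # Expect: owner [ttl] [class] type rdata
        if len(parts) < 4 or "A" not in parts[:-1]:
            continue
        owner, rtype, rdata = parts[0], parts[-2], parts[-1]
        if rtype != "A" or not owner.endswith(suffix):
            continue
        reversed_octets = owner[: -len(suffix)].split(".")
        ip = ".".join(reversed(reversed_octets))
        listed[ip] = rdata
    return listed


def source_listing(ip, listed):
    """Local-table check a packet filter could run per new source.

    Returns the DNSBL return code if the address is listed, else None.
    Normalising through IPv4Address keeps "01.2.3.4"-style variants from
    slipping past an exact string match.
    """
    return listed.get(str(ipaddress.IPv4Address(ip)))


if __name__ == "__main__":
    table = parse_zone(SAMPLE_ZONE)
    for src in ("1.2.3.4", "5.6.7.8", "9.9.9.9"):
        print(src, dnsbl_query_name(src), source_listing(src, table))
```

The local-table approach sidesteps the query load but inherits the other side effects raised in the thread: the copy is only as fresh as the last transfer, so delistings lag, and the 127.0.0.1 entry shown in the sample (the test record many lists publish) would block loopback if a filter applied the table blindly.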