North American Network Operators Group


Re: Worst Offenders/Active Attackers blacklists

  • From: Patrick W. Gilmore
  • Date: Tue Jan 29 16:44:05 2008


On Jan 29, 2008, at 4:23 PM, Edward B. DREGER wrote:


PWG> [Z]one transfers, while not as bad as individual lookups, are still
PWG> a bad idea IMHO. For instance, are you sure you want your dynamic
PWG> filters 30 or 60 minutes out of date?


As opposed to infinitely out-of-date (i.e., no filters)? Don't get me
wrong; I'm none too keen on using DNS to distribute IP ACLs. I just am
nitpicking that one particular point.

Frequently, yes. FPs can be more dangerous than FNs. Depends on your network, clients, etc.


And that's just the first reason that came to mind. There are plenty of others.

Or maybe not. Prove me wrong!

--
TTFN,
patrick