[Dshield] Need some help testing

Johannes Ullrich jullrich at sans.org
Sat Jul 7 01:00:49 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


(also responding to the post from Tom here)

  guess it comes down to that its not that easy to figure out if an IP
address is static or dynamic. For example, all of 65.173.218.0/24 is
statically assigned to SANS. We may be switching things around at time
internally, but try to avoid it. Just to avoid enumeration, we do
typically only setup reverse resolution for mail servers.

  Not exactly sure about the 4. IP. We use that /24 since about 2002 or
so. But its possible. Things move around.

  Discriminating against dynamic IPs is a good idea. But well, its not
always that easy to figure out whats dynamic :-(






> Johannes B. Ullrich writes: 
> 
>> SANS server using Dynamic IP? Sorry if I am jumping in here half way
>> into the discussion. But that caught my attention ;-). All SANS servers
>> should use "static" IP addresses.
> 
> In late 2003/earily 2004 I think, (before all the major upgrading to the 
> DShield.org site) I was getting the DSHield list from a 4dot-quad number 
>  -sans.org.  I had to quickly do some serious code crunching in the pre-alpha 
> version.  I've had the rule in my config ever since.  Haven't and any 
> problems since, so I don't know what IP addresses are being used now...
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
> instructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
> 


- --
- ---------
Johannes Ullrich                        http://isc.sans.org

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
	Register Today! <http://www.sans.org/info/2501>
(Brochurecode: ISC)

PGP Key: https://secure.dshield.org/PGPKEYS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGjuXBPNuXYcm/v/0RAjJKAJ9khJZ63twd8iQayaHrXVybf75ZeACfQgWa
wSoujV/r6IK9nNBf5u6AUL8=
=Q00u
-----END PGP SIGNATURE-----

More information about the list mailing list