[Dshieldannounce] 'Block List' trial version

Johannes B. Ullrich jullrich at euclidian.com
Mon Oct 22 18:47:43 UTC 2001

Hash: SHA1

  In the past, a number of users have asked for a better way to use
DShield data to block access from certain netblocks. Some are already
using the Top 10 list.

  I thought for a while about this problem. It is not an easy problem.
First of all, top 10 'members' are requenlty dynamic IP addresses. Also,
you may not want to block an entire ISP just because one of the users is
acting up.

  My compromise at this point is to block Class C's. I made a list
available at http://feeds.dshield.org/block.txt. This is strictly a first
try / beta version. I am waiting for your feedback to change the format or
the content.

  The main part of the list is a list of unassigned netblocks. Depending
on how well your upstream provider already blocks these, you may want to
add these to your list (or not).

  The dshield part is a list of top 20 block C's.

  In the future, I expect to update such a list at least weekly, maybe
daily. It should not grow much larger, as a larger list will be harder to

    As said above, I am waiting for feedback. Please use the unmoderated
list for discussions.

- - --
- - -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the Dshieldannounce mailing list