[Dshieldannounce] 'Block List' trial version

Johannes B. Ullrich jullrich at euclidian.com
Mon Oct 22 18:47:43 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  In the past, a number of users have asked for a better way to use
DShield data to block access from certain netblocks. Some are already
using the Top 10 list.

  I thought for a while about this problem. It is not an easy problem.
First of all, top 10 'members' are frequently dynamic IP addresses. Also,
you may not want to block an entire ISP just because one of the users is
acting up.

  My compromise at this point is to block Class C's. I made a list
available at http://feeds.dshield.org/block.txt. This is strictly a first
try / beta version. I am waiting for your feedback to change the format or
the content.

  The main part of the list is a list of unassigned netblocks. Depending
on how well your upstream provider already blocks these, you may want to
add these to your list (or not).

  The dshield part is a list of top 20 block C's.

  In the future, I expect to update such a list at least weekly, maybe
daily. It should not grow much larger, as a larger list will be harder to
manage.

    As said above, I am waiting for feedback. Please use the unmoderated
list for discussions.

- - --
- - -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE71GnTVOIizK5pIDMRAojMAKCOtpxhyO91Lb7Tydii9pnlY32S4wCfWKcx
MbeBdL7eLTE8cEfpDYo4dSU=
=fhTm
-----END PGP SIGNATURE-----
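Added example, not part of the original message and not DShield's own code: one way to roll reported source addresses up into Class C (/24) blocks and keep the top 20, as the message describes. The report tuples, the `min_reporters` threshold, the ranking order and the `NEVER_LIST` ranges are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges that should never end up on a block list built from reports (assumed policy).
NEVER_LIST = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample reports: (reporter id, source IP). Documentation ranges only.
SAMPLE_REPORTS = [
    ("sensor-a", "198.51.100.7"),
    ("sensor-b", "198.51.100.7"),
    ("sensor-a", "198.51.100.201"),  # same /24, different (e.g. dynamic) address
    ("sensor-c", "198.51.100.44"),
    ("sensor-a", "203.0.113.9"),
    ("sensor-a", "203.0.113.9"),     # repeat from a single reporter
    ("sensor-b", "192.0.2.15"),
    ("sensor-c", "192.0.2.99"),
    ("sensor-a", "10.1.2.3"),        # private source, never listed
    ("sensor-a", "not-an-ip"),       # malformed entry, skipped
]

def top_class_c(reports, n=20, min_reporters=2):
    """Return up to n /24 blocks as (cidr, distinct reporters, distinct sources).

    Counting distinct reporters rather than raw hits keeps one noisy or
    mistaken submitter from putting a whole netblock on the list.
    """
    reporters, sources = defaultdict(set), defaultdict(set)
    for reporter, src in reports:
        try:
            addr = ipaddress.IPv4Address(src)
        except ValueError:
            continue  # ignore lines that are not IPv4 addresses
        if any(addr in net for net in NEVER_LIST):
            continue
        block = ipaddress.ip_network(f"{addr}/24", strict=False)
        reporters[block].add(reporter)
        sources[block].add(addr)
    ranked = sorted(
        (b for b in reporters if len(reporters[b]) >= min_reporters),
        key=lambda b: (-len(reporters[b]), -len(sources[b]), int(b.network_address)),
    )
    return [(str(b), len(reporters[b]), len(sources[b])) for b in ranked[:n]]

if __name__ == "__main__":
    for block, n_rep, n_src in top_class_c(SAMPLE_REPORTS):
        print(f"{block}\treporters={n_rep}\tsources={n_src}")
```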



