[Dshield] using the feeds for your firewall

David Kennedy CISSP david.kennedy at acm.org
Mon Jul 30 03:30:33 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----

At 12:30 AM 7/28/01 -0400, Johannes B. Ullrich wrote:
>- only authenticated reports will be considered.
>- an IP has to show up in multiple authors reports.
>- the report has to be recent (5 days ?)
>

- only IP with no satisfactory response from their ISP after two
attempts.

(Give ISPs a chance to enforce their TOS/AUP)

- only probes of destination TCP ports of <1025 or known trojan horse
default ports

(no Half-Life, PC Anywhere etc generated blacklisting but Sub7 could)


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: hacker=cybercriminal--the definition changed; get over it

-----END PGP SIGNATURE-----

-- 
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.
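
The criteria proposed in this thread, combined into one blocklist filter as an added example (not code from the list or from DShield). The report fields, the two-author threshold, the trojan port set and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: the thread says "multiple" authors and "5 days ?".
MIN_AUTHORS = 2
MAX_AGE = timedelta(days=5)
MIN_ISP_ATTEMPTS = 2
# Assumed set of trojan default TCP ports: Sub7 (named in the post), NetBus.
TROJAN_TCP_PORTS = {27374, 12345}

def build_blocklist(reports, isp_cases, now):
    """reports: dicts with src, author, authenticated, proto, dport, time.
    isp_cases: src -> (notification attempts, satisfactory response?)."""
    authors = defaultdict(set)
    for r in reports:
        if not r["authenticated"]:
            continue                      # only authenticated reports count
        if now - r["time"] > MAX_AGE:
            continue                      # report must be recent
        if r["proto"] != "tcp":
            continue
        if r["dport"] >= 1025 and r["dport"] not in TROJAN_TCP_PORTS:
            continue                      # e.g. game or remote-control ports
        authors[r["src"]].add(r["author"])
    blocked = []
    for src, who in authors.items():
        attempts, resolved = isp_cases.get(src, (0, False))
        # The ISP gets two chances to act before the source is listed.
        if len(who) >= MIN_AUTHORS and attempts >= MIN_ISP_ATTEMPTS and not resolved:
            blocked.append(src)
    return sorted(blocked)

# Constructed sample data (documentation address ranges, made-up authors).
NOW = datetime(2001, 7, 30)
def _r(src, author, dport, days_ago, auth=True):
    return {"src": src, "author": author, "authenticated": auth,
            "proto": "tcp", "dport": dport, "time": NOW - timedelta(days=days_ago)}

SAMPLE_REPORTS = [
    _r("192.0.2.10", "a", 27374, 1), _r("192.0.2.10", "b", 23, 2),
    _r("198.51.100.7", "a", 27015, 1), _r("198.51.100.7", "b", 27015, 1),
    _r("203.0.113.5", "a", 80, 1), _r("203.0.113.5", "c", 80, 3),
    _r("192.0.2.99", "a", 21, 1), _r("192.0.2.99", "b", 21, 1, auth=False),
    _r("203.0.113.77", "a", 21, 10), _r("203.0.113.77", "b", 21, 9),
]
SAMPLE_ISP = {"192.0.2.10": (2, False), "198.51.100.7": (2, False),
              "203.0.113.5": (1, False), "192.0.2.99": (2, False),
              "203.0.113.77": (2, False)}

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_REPORTS, SAMPLE_ISP, NOW))
```

Only the first source passes every test; the others fail on port, ISP attempts, authentication or age respectively.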



