[Dshield] 'Block List' trial version
Johannes B. Ullrich
jullrich at euclidian.com
Mon Oct 22 18:43:00 GMT 2001
In the past, a number of users have asked for a better way to use
DShield data to block access from certain netblocks. Some are already
using the Top 10 list.
I thought for a while about this problem. It is not an easy problem.
First of all, top 10 'members' are frequently dynamic IP addresses. Also,
you may not want to block an entire ISP just because one of the users is
My compromise at this point is to block Class C's. I made a list
available at http://feeds.dshield.org/block.txt. This is strictly a first
try / beta version. I am waiting for your feedback to change the format or
The main part of the list is a list of unassigned netblocks. Depending
on how well your upstream provider already blocks these, you may want to
add these to your list (or not).
The dshield part is a list of top 20 block C's.
In the future, I expect to update such a list at least weekly, maybe
daily. It should not grow much larger, as a larger list will be harder to
As said above, I am waiting for feedback on this.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System