[Dshield] Block List - next version

Johannes B. Ullrich jullrich at euclidian.com
Fri Oct 26 18:52:04 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I added more comments to the list of reocmmended blocks.
I also added 192.0.0.0/16 to the list of reserved networks.
(not just 192.0.10.0/24).

The list continues to only list /8 /16 /24 subnets. I refrained
from combining some of them to larger subnets. I think it aids
simple parsing of the list to only use "one-byte-subnets". Let
me know if anybody feels in favor or against it.

I did not add the multicast subnets, but added them as a comment. I feel 
that some people may not want to block them. Also, they shouldn't realy 
travel too far across routers anyway. 

I got one not from a listed subnet asking me to 'unlist' them. I complied 
in this case. To make the list more 'relevant', it only considers reports 
received during the last two weeks.

Still... Don't use this list blindly. It needs more work. But I wanted to 
get this update out to get more feedback.


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE72bDXVOIizK5pIDMRAl1AAKC0nRm9OsUH+TkH1OTJydn/6cAtIgCfVtK8
lVWq4A8BDc+locHuYxl/I+E=
=z2A9
-----END PGP SIGNATURE-----




More information about the list mailing list