[Dshield] dshield-based RBLs?
Johannes B. Ullrich
jullrich at sans.org
Mon Jun 7 19:05:39 GMT 2004
Well, I am always a bit ambivalent about distributing large
block lists like this. We do have our (very small) block list.
I could setup a blocklist as a "trial", and see how it works.
I will also have to check how to best filter such a blocklist.
For example, many valid mail servers do attempt auth lookups
and will show up for blocked port 113 requests. Some mail
servers are even more aggressive and will scan each host connecting
to them for open proxies. So a cas-by-ase whitelist is needed
for these servers.
Have to think about it. but overall, it looks like a lot
of work to do it right. And there are enough bad RBL's already.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040607/5895d3ce/attachment.bin
More information about the list