[Dshield] dshield-based RBLs?

John Hardin johnh at aproposretail.com
Wed Jun 9 15:52:58 GMT 2004


On Tue, 2004-06-08 at 15:03, Mark Tombaugh wrote:
> On Tuesday 08 June 2004 2:19 pm, John Hardin wrote:
> > I'd certainly consider it an indicator of a system *I* don't want to
> > receive mail from...
> 
> Why not? The fact that their firewall administration isn't versed on egress 
> filtering doesn't prove any "future crime" from that system or that 
> particular address. 

No, it's not a 100% indicator. But I'd argue that it's a 90% indicator
of a vulnerable system, and how many of those vulnerable systems will
get compromised by an autonomous spambot worm?

> Blocking incoming mail from addresses that send netbios traffic 
> over the Internet doesn't make much sense to me. I would imagine you would 
> wind up with several adverse side effects & false positives, a humongous 
> list, and not much added security. JM2C,

Well, granted the mere presence of NetBIOS traffic might not be a good
indicator, hence the suggestion of a traffic threshold that would need
to be exceeded before an IP address was included in the DNSBL.

What I hope this would achieve is providing a more proactive complement
to xbl.spamhaus.org.

--
John Hardin  KA7OHZ                           <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                             -- www.darwinawards.com
-----------------------------------------------------------------------
 35 days until Apropos Forum 2004
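
The traffic threshold suggested in the message above, sketched as an added example that is not part of the original post or of any DShield tooling. The report format, the zone name netbios.dnsbl.example, the threshold values and the extra "distinct reporters" condition are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

NETBIOS_PORTS = {137, 138, 139}
ZONE = "netbios.dnsbl.example"  # hypothetical zone name

# Constructed sample reports: reporter_id source_ip target_port packet_count
SAMPLE_REPORTS = """\
r1 192.0.2.10 137 400
r2 192.0.2.10 139 350
r3 192.0.2.10 137 300
r1 198.51.100.7 137 3
r1 203.0.113.5 139 5000
r2 not-an-ip 137 50
r3 198.51.100.7 25 10000
"""

def aggregate(text):
    """Sum NetBIOS packet counts and collect distinct reporters per source IP."""
    packets = defaultdict(int)
    reporters = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        reporter, src, port, count = fields
        try:
            ip = ipaddress.IPv4Address(src)
            port, count = int(port), int(count)
        except ValueError:
            continue  # bad address or non-numeric field
        if port in NETBIOS_PORTS and count > 0:
            packets[ip] += count
            reporters[ip].add(reporter)
    return packets, reporters

def dnsbl_name(ip, zone=ZONE):
    """Reversed-octet name a mail server would query for this address."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def build_list(text, min_packets=1000, min_reporters=2):
    """Return DNSBL names for sources that exceed both thresholds."""
    packets, reporters = aggregate(text)
    listed = [ip for ip in packets
              if packets[ip] >= min_packets and len(reporters[ip]) >= min_reporters]
    return [dnsbl_name(ip) for ip in sorted(listed)]

if __name__ == "__main__":
    print("\n".join(n + " IN A 127.0.0.2" for n in build_list(SAMPLE_REPORTS)))
```

Requiring more than one reporter keeps a single noisy or misconfigured sensor from listing an address on its own, which addresses part of the false-positive concern raised in the quoted reply.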



