[Dshield] Dshield Reports

George A. Theall theall at tifaware.com
Fri Aug 26 23:28:26 GMT 2005

On Fri, Aug 26, 2005 at 10:32:27AM -0500, bpennell at coxhealthplans.com wrote:

> I'm considering adding the Dshield Blocklist to my IPTables FW. I do
> have a couple questions.
> Is there a larger list (as in Top 100 subnets)?

I've not seen a larger list from DShield / SANS.  But you might consider
incorporating the Spamhaus Don't Route Or Peer List --
http://www.spamhaus.org/drop/index.lasso -- into your firewall as it
covers known zombies / spam operations.

> I'm also considering scripting the Top 10 Offenders list into a chain.
> I am aware that some of those offenders are already blocked by the
> Dshield Blocklist, but not all.

Before you roll your own solution, check out my update-blocklist Perl
script -- http://www.tifaware.com/perl/update-blocklist/.  It generates
rules for an iptables-based firewall based on static and dynamic
blocklists.  Out of the box, it supports both DShield.org's and
Spamhaus' DROP list but it should be flexible enough to support others. 

> How often is the Top 10 Offenders list updated?

Johannes can answer this better than I, but given that it supposedly
reflects the top offenders over the past 3 days I doubt it changes much. 

theall at tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050826/81443473/attachment.bin

More information about the list mailing list