[Dshield] Dshield Reports
secmail at patchsupplier.dyndns.org
Sun Aug 28 01:32:13 GMT 2005
I was researching the same thing a few weeks ago. I came across
They have an application on there called "block list manager", it allows
you to create your own blocklist. They have a list to choose from such
as advertising ranges, Trojans list, spyware lists, there's a fair few.
I created a C# app that added the created range from this software to
the Windows packet filtering API. It was a good play. I think the
extended Dshield list would be awesome for a sort of distributed
blocklist, but what's on the blocklist will get blocked by a firewall
anyway. A bunch of Snort boxes that record the IPs or broken rules and
publish them to a database might be more helpful for this kind of scenario?
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of George A. Theall
Sent: 27 August 2005 00:28
To: General DShield Discussion List
Subject: Re: [Dshield] Dshield Reports
On Fri, Aug 26, 2005 at 10:32:27AM -0500, bpennell at coxhealthplans.com wrote:
> I'm considering adding the Dshield Blocklist to my IPTables FW. I do
> have a couple questions.
> Is there a larger list (as in Top 100 subnets)?
I've not seen a larger list from DShield / SANS. But you might consider
incorporating the Spamhaus Don't Route Or Peer List --
http://www.spamhaus.org/drop/index.lasso -- into your firewall as it
covers known zombies / spam operations.
> I'm also considering scripting the Top 10 Offenders list into a chain.
> I am aware that some of those offenders are already blocked by the
> Dshield Blocklist, but not all.
Before you roll your own solution, check out my update-blocklist Perl
script -- http://www.tifaware.com/perl/update-blocklist/. It generates
rules for an iptables-based firewall based on static and dynamic
blocklists. Out of the box, it supports both DShield.org's and
Spamhaus' DROP list but it should be flexible enough to support others.
> How often is the Top 10 Offenders list updated?
Johannes can answer this better than I, but given that it supposedly
reflects the top offenders over the past 3 days I doubt it changes much.
theall at tifaware.com
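
The thread above is about turning published blocklists into iptables rules. The following is an added example, not part of the original messages and not the update-blocklist script: a sketch of the validation a feed should pass before it becomes firewall rules. It assumes a "CIDR ; reference" text layout as used by the Spamhaus DROP list; the function names, chain name, allowlist and sample data are hypothetical.

```python
import ipaddress

# Constructed sample in a "CIDR ; reference" layout. The networks are RFC 5737
# documentation ranges and the references are made up; none are real listings.
SAMPLE_DROP = """\
; constructed sample, not real DROP data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
203.0.113.7/24 ; SBL000004
0.0.0.0/0 ; SBL000005
10.1.0.0/16 ; SBL000006
not-a-network ; SBL000007
"""

MIN_PREFIX = 8  # refuse anything broader than a /8: a bad feed must not block everything


def parse_blocklist(text, allowlist=()):
    """Return (accepted networks, rejected raw lines) from DROP-style text."""
    allow = [ipaddress.IPv4Network(a) for a in allowlist]
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # drop the comment / reference part
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 203.0.113.7/24)
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        # Never accept an over-broad range or one that covers our own networks.
        if net.prefixlen < MIN_PREFIX or any(net.overlaps(a) for a in allow):
            rejected.append(raw)
            continue
        accepted.append(net)
    # Merge adjacent ranges so the chain stays as short as possible.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def render_rules(networks, chain="BLOCKLIST"):
    """Render iptables-restore input for a dedicated chain.

    Only the validated network objects are formatted, never raw feed text.
    Intended for `iptables-restore --noflush`, which keeps the rest of the table.
    """
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {net} -j DROP" for net in networks]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"
```

The rejected lines are worth logging on every refresh: a sudden jump in their number usually means the feed changed format or was tampered with, and the previous ruleset should stay loaded.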