[Dshield] Local DNS RBL

Pete Cap peteoutside at yahoo.com
Wed Jan 26 23:32:38 GMT 2005


--- Frank Knobbe <frank at knobbe.us> wrote:
> While on the subject of blocking, I always snicker
> when people preach
> the "deny-all-allow-what-is-required" firewall
> mantra, but then turn
> around and selectively block countries they think
> are hostile. Why not
> block them all, and only allow certain, friendly
> networks???

Hi Frank,

It's a valid question.  The short answer is, the list
of good guys out there on the net is still a lot
longer than the list of bad guys (although maybe this
is not so clearly defined when a "good" host can be a
"bad" host if it's part of a botnet).  On the other
hand, the list of necessary services is short, and the
list of wholly unnecessary services is very long.

Furthermore, the purpose of a server is to do a few
things for a lot of people.  Therefore, denying all
but a few activities (web traffic for the web server,
etc.) but allowing as many people as possible makes
sense.

The original poster suggested that there is a close
correlation between "bad activity" and certain
countries.  I'm not convinced that this is the
case--the vast majority of the garbage hitting my
firewall is being relayed by hosts within the US. 
Sure, I get the most interesting toys from Chinese
websites, but that doesn't make China the main
culprit.  So far as I have seen, hacking activity
seems closely related to the global distribution of
the IPv4 netspace, which means that it makes more
sense to work on securing your server than to work on
blocking on a nation-by-nation basis.

Just my two cents,

Regards,
Pete


		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com 



More information about the list mailing list