[Dshield] Local DNS RBL

liebl liebl at thetethered.com
Mon Jan 31 17:35:03 GMT 2005

Is that really the case? Did you mean bad guys, and not-bad guys? 'cause
the not-bad guys may not be good guys ;)

If you look at the thread pool, you probably can identify a few known
good sites, a few known bad sites, but the majority is probably unknown.
If Lithuania is not on the list of bad guys, can they be fully trusted
as good guys?

I think it would make sense from a security perspective to label all as
bad, except for those that are known good.

(keep in mind, we're still talking about blocking countries. There are
no doubt known bad hosts within known good countries.)

By this thinking all are guilty until proven innocent. Call me naive, but
my way of thinking has this the other way around.

This all goes back to best practices.
If you have a mail server that only has mail on it then only open the
required ports, have antispam and antivirus measures, etc...
But what you're suggesting is that I'm bad by the country I live in. If
someone in one of these "bad" countries wants to email you, then they
can't. You'll never know if it was something you wanted or not. They're
all bad by your definition.

Instead there should be a white list, black list, and a grey (default)
list. Everyone should be on the grey list until proven otherwise.

If the problem you are trying to solve is spam, then you need better
software and/or procedures.

If you applied your same way of thinking to software or websites,
you would never go anywhere on the web nor use any new software.

What I'm really saying is that this idea of blocking by country (tld or IP)
is not the best solution.
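
The white/black/grey scheme described in the message above, as an added example that is not part of the original post: sources on neither list default to grey, and the most specific entry wins, so a known bad host inside a known good network is still blocked. The list contents (documentation address ranges) and the tie-break rule are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample lists using documentation ranges, not real reputation data.
WHITE = ["192.0.2.0/24"]        # known good network
BLACK = ["198.51.100.0/24",     # known bad network
         "192.0.2.66/32"]       # known bad host inside the known good network


def build_table(white, black):
    """Merge both lists into [(network, verdict)] entries."""
    table = [(ipaddress.ip_network(n), "white") for n in white]
    table += [(ipaddress.ip_network(n), "black") for n in black]
    return table


def classify(addr, table):
    """Return 'white', 'black' or 'grey' for a source address.

    The longest matching prefix wins. On an equal prefix length the
    black entry wins (assumed tie-break). No match at all means grey,
    the default list.
    """
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, verdict == "black", verdict)
               for net, verdict in table if ip in net]
    if not matches:
        return "grey"
    return max(matches)[2]


if __name__ == "__main__":
    table = build_table(WHITE, BLACK)
    for src in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.5"):
        print(src, classify(src, table))
```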

