Firewall Wizards mailing list archives
Re: Lists of IP's we should be blocking
From: Kevin <kkadow () gmail com>
Date: Sat, 11 Dec 2004 19:46:16 -0600
On Wed, 8 Dec 2004 15:20:57 +0200, Bruce Smith <bruce_the_loon () worldonline co za> wrote:
Is there a list of dangerous, evil IP's that should be blocked or at least watched closely at the borders of the Internet?
No. There are a number of special purpose DNSBL and IP blacklists, but the primary reason there is no one universal block list is, who can we trust to build and maintain such a list? Obviously any "edge" gateway should be have rules to only permit out packets showing a legitimate routable internal source (anti-spoofing egress filters aka URPF), and there is no reason not to block outbound traffic showing a destination address of your internal network, RFC-1918 address space, or bogons (unallocated IP space, see here for details: http://www.cymru.com/Bogons/)
Address like virus targets, root-kit sources and so forth.
This gets tricky, since these tend to move around, and can be innocent bystanders or otherwise legitimate hosts.
And what is the group's opinion on the idea of a general purpose dark IP list?
There are legitimate lists of addresses which are not valid on the Internet: http://bgphints.ruud.org/articles/bogons.html http://www.nanog.org/mtg-0410/pdf/soricelli.pdf These lists are effective because the contents change only very slowly (but bear in mind the "69/8" address block problems), and reflect a legitimate technical distinction between "valid" and "invalid" addresses. When you start getting into labeling individual hosts and network as "good" and "evil", things can get very messy very quickly. Kevin _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Lists of IP's we should be blocking Bruce Smith (Dec 11)
- Re: Lists of IP's we should be blocking Devdas Bhagat (Dec 12)
- Re: Lists of IP's we should be blocking Crispin Cowan (Dec 12)
- Re: Lists of IP's we should be blocking Adam Shostack (Dec 12)
- Re: Lists of IP's we should be blocking Paul D. Robertson (Dec 12)
- Re: Lists of IP's we should be blocking Crispin Cowan (Dec 12)
- Re: Lists of IP's we should be blocking Paul D. Robertson (Dec 12)
- RE: Lists of IP's we should be blocking Bruce Smith (Dec 12)
- RE: Lists of IP's we should be blocking Mark . Boltz (Dec 12)
- Re: Lists of IP's we should be blocking Adam Shostack (Dec 12)