funsec mailing list archives
Re: The Criminal Underground: A Walk on the Dark Side
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 5 Sep 2007 08:34:59 -0400
On 9/4/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Tue, 04 Sep 2007 16:20:15 EDT, Dude VanWinkle said:
>> So if we know the IP's of "millions of compromised machines" can we get access to a list of those in order to grey/blacklist them?
>
> We know the IP addresses that some of them *used* to have. Feel free to blacklist the address and see the *current* DHCP leaseholder wonder why things are breaking.
If we have a way to detect them, we should be able to tell when they get a new lease on life, or ipv4.
> And Storm is only *part* of it - remember that's only a few million, out of Vint Cerf's estimate of 140 million. When there's 140 million pwned/spywared/etc boxes out of 600M or so, you really can only take 2 stances:
So, according to your theory, we can only blacklist people if we know everyone who is compromised, else it's completely useless? I disagree. Security is gained by throwing everything you have at the opposing team, not waiting around for a perfect solution to present itself, because trust me: you will be waiting a long time. Throw everything you can at them, even if it only helps against 5%, that's 5 down, 95 more to go...
> 1) Don't care and harden the outward-facing side to take on all comers.
> 2) Start whitelisting only known vetted and known systems.
I am also liking the idea of greylisting. If someone snafus on an RFC during SMTP, we don't block them forever, just a few min.
-JP