Security Incidents mailing list archives
IP Black list?
From: stuart () SILICONDEFENSE COM (Stuart Staniford)
Date: Thu, 11 May 2000 10:55:32 -0700
I'm curious to know what folks think of the idea of a real-time blacklist for misbehaving IP addresses/blocks. Some reputable person/organization could maintain it, trusted folks known to the co-ordinator could recommend IPs to blockade, and then anyone who chose to could implement the list into router or firewall rules. We could start by putting demon.co.uk into it until they stop spraying the world with bad packets and repeating the same lame excuses for why they still haven't stopped whatever is causing that. It would also be a good place to put Korean Universities and schools, etc that constantly scan us and never respond to complaints. If use of it became widespread, this would tend to exert social pressure on bad parts of IP space to clean up their act. Their users wouldn't be able to get to lots of parts of the Internet until they satisfied the blacklist co-ordinator that the problem was resolved. Thoughts? Stuart. -- Stuart Staniford --- President --- Silicon Defense stuart () silicondefense com (707) 445-4355 (707) 445-4222 (FAX)
Current thread:
- Automated, Distributed Port Scan E. Larry Lidz (May 08)
- Re: Automated, Distributed Port Scan Martin Ixter (May 09)
- Re: Automated, Distributed Port Scan Jose Nazario (May 10)
- IP Black list? Stuart Staniford (May 11)
- Re: IP Black list? Travis Pugh (May 15)
- Re: IP Black list? Jose Nazario (May 15)
- Re: IP Black list? Paul L Schmehl (May 15)
- Re: IP Black list? Travis Pugh (May 16)
- Re: IP Black list? Sebastien Berube (May 15)
- Odd scans of tcp port 12345 Russell Fulton (May 15)
- Re: Odd scans of tcp port 12345 Shadow Boxer (May 16)
- New or Variant Port 109 Scans Stephen P. Berry (May 15)
- Re: Automated, Distributed Port Scan Martin Ixter (May 09)
- Re: IP Black list? Patrick van Zweden (May 15)
- TCP low port scan Jose Nazario (May 15)