Security Incidents mailing list archives
Re: IP Black list? -- NONONONONONONONO!!!
From: mikem () CRAVETECHNOLOGY COM (Michael Merideth)
Date: Mon, 15 May 2000 16:22:43 -0600
I have to chime in and say that I agree with Travis Pugh's post on this one.

How on earth will it be decided who is "trusted" enough to decide what IP traffic I should receive? Hand it over to Paul Vixie? I don't think so. How on earth will it not become a political tool/weapon? How on earth will it not become a giant DoS for script kiddies to exploit and abuse?

Additionally, what happens to privacy on the Internet if all of the ISPs out there are terrified of being added to such a blackhole list? I'll tell you what; it goes out the window. Already ISPs (and Universities, lest we forget) are becoming more and more draconian in what they allow their users to do with their connections. If this caught on, an ISP has no reasonable choice but to monitor all of the activities of all of their users (tracking users that closely would also make them a more likely tool for law enforcement, and not just for computer crimes). If they didn't, they'd be constantly finding themselves negotiating to have blackhole status removed.

The price of freedom is eternal vigilance, and in no arena is this old saying playing itself out on a daily basis more than on the Internet. The choice is ultimately between dealing with your own security and submitting to the scrutiny of persons unknown. I, for one, will gladly accept the former. Lists such as BUGTRAQ and sites like Securityfocus.COM make it a community effort, and any reasonable sysadmin can keep up with the information contained there. If you want to be ultra-paranoid about portscans, install portsentry. Don't hand control of your routers over to some alien organization, no matter how benign and trustworthy it seems.

My $.02,

Michael Merideth

Adam Kirby wrote:
I think this is a great idea. I am interested to see how some of the undeniable implementation issues will be resolved. In any case, the idea has my support.

AK

Stuart Staniford <stuart () SILICONDEFENSE COM> 05/11/00 01:55PM >>>

I'm curious to know what folks think of the idea of a real-time blacklist for misbehaving IP addresses/blocks. Some reputable person/organization could maintain it, trusted folks known to the co-ordinator could recommend IPs to blockade, and then anyone who chose to could implement the list into router or firewall rules.

We could start by putting demon.co.uk into it until they stop spraying the world with bad packets and repeating the same lame excuses for why they still haven't stopped whatever is causing that. It would also be a good place to put Korean Universities and schools, etc that constantly scan us and never respond to complaints.

If use of it became widespread, this would tend to exert social pressure on bad parts of IP space to clean up their act. Their users wouldn't be able to get to lots of parts of the Internet until they satisfied the blacklist co-ordinator that the problem was resolved.

Thoughts?

Stuart.

--
Stuart Staniford --- President --- Silicon Defense
stuart () silicondefense com
(707) 445-4355
(707) 445-4222 (FAX)