Security Incidents mailing list archives
IP Black list - GET REAL
From: roelof () SENSEPOST COM (Roelof Temmingh)
Date: Tue, 16 May 2000 01:05:49 +0200
IP Blacklisting on the Internet? (die IK hier is duidelik kamertempratuur) Blocking IP blocks is like giving a flu patient an aspirin - you are not treating the cause. Good security pratices and proper user eduacation will go much further in solving the problem. If you design an access control system, do you enforce the control at the client? No - you do it at the server. Same thing here. If you config a firewall, do you firewall at all the client sites? No - you firewall the server. Same thing here. If you block IPs, do you do it at the source? No - you block it at the destination. Take a guess...same thing here. The system will never be effective. I am thinking about web proxies, anonymizers, anonymous shell servers, cybercafes. Are you going to block the source of all the bad guys on the Internet? Wake up.. How do you handle dynamic allocated IPs to dialin users? Block the whole of the ISP? DHCP allocated IPs to corporations? Block the whole corporation? What about entire corporations behind a NAT firewall? One IP number represents 15000 users. Are you prepared to pull the plug on 1000s of innocent Internet users? Can you spell revolution? What about if I spoof a DDoS attack from YOUR IP to the NSA? You would not like that now, would you? Who decides who goes on and off the blacklist? Hmmm...today, information = money. Control information and you control money. And money makes the world go around...(or so they say) It will never be close to 100% effective. The time and money spent to keep such a thing in place and running smoothly will not be worth the effort. Can you spell long-and-expensive-court-cases? It will cause a revolution, and will create a body that will have complete control on what runs on the Internet's wires...and we don't want that, do we? DO WE?!? So - kill this thread - it is going nowhere fast. Regards, Roelof. PS: sorry if all of this sounds harsh - yes, I am indeed having a bad day. ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelof () sensepost com +27 83 448 6996 http://www.sensepost.com
Current thread:
- Re: IP Black list? Adam Kirby (May 15)
- Re: IP Black list? -- NONONONONONONONO!!! Michael Merideth (May 15)
- Re: IP Black list? -- NONONONONONONONO!!! Paul L Schmehl (May 16)
- Re: IP Black list? -- NONONONONONONONO!!! Michael Merideth (May 16)
- R: LJK2 rootkit? Andrea Vettori (May 17)
- Lance Spitzner Audio interview on Forensics and Honeypots Alfred Huger (May 17)
- Re: IP Black list? -- NONONONONONONONO!!! Richard Johnson (May 16)
- Re: IP Black list? -- NONONONONONONONO!!! Paul L Schmehl (May 16)
- IP Black list - GET REAL Roelof Temmingh (May 15)
- Re: IP Black list? Jon Lewis (May 15)
- <Possible follow-ups>
- Re: IP Black list? Ed Padin (May 15)
- Re: IP Black list? jms (May 14)
- Re: IP Black list? (Track yes, Block no) Bryan Andersen (May 16)
- You can now track Bugtraq via software (fwd) Alfred Huger (May 15)
- Re: IP Black list? jms (May 14)
- Re: IP Black list? Mike Shannon (May 15)
- LJK2 rootkit? Felix Schueren (May 16)
- Re: LJK2 rootkit? Jose Nazario (May 16)
- IP blacklists phi-incident () EXORSUS NET (May 16)
- Re: LJK2 rootkit? Omachonu Ogali (May 16)
- LJK2 rootkit? Felix Schueren (May 16)
(Thread continues...)
- Re: IP Black list? -- NONONONONONONONO!!! Michael Merideth (May 15)