Security Incidents mailing list archives

Re: IP Black list?

From: DLuff () IITSCDM COM AU (Luff, Darryl)
Date: Tue, 16 May 2000 10:03:43 +1000


Most of the scans I see come from dialup IP addresses. The machine doing the
scans may only be onlyine for a couple of hours. I think by the time you
blacklisted them they're probably offline. How do you un-blacklist them?

Darryl Luff.

On Thu, 11 May 2000, Stuart Staniford wrote:

I'm curious to know what folks think of the idea of a real-time

blacklist

for misbehaving IP addresses/blocks.  Some reputable person/organization
could maintain it, trusted folks known to the co-ordinator could

recommend

IPs to blockade, and then anyone who chose to could implement the list

into

router or firewall rules.

Current thread:

Re: LJK2 rootkit?, (continued)
- - - Re: LJK2 rootkit? Jose Nazario (May 16)
    - IP blacklists phi-incident () EXORSUS NET (May 16)
    - Re: LJK2 rootkit? Omachonu Ogali (May 16)
    - Re: LJK2 rootkit? Jose Nazario (May 18)
    - Re: LJK2 rootkit? Omachonu Ogali (May 18)
    - Re: LJK2 rootkit? Jens Hektor (May 17)
    - Re: LJK2 rootkit? Egon Barfuß jun. (May 17)
    - Korea Damian Gerow (May 17)
  - Re: IP Black list? Ryan Russell (May 16)
    - Re: IP Black list? Tabor J. Wells (May 16)
- Re: IP Black list? Luff, Darryl (May 15)
  - Re: IP Black list? Michael Damm (May 15)
    - Re: IP Black list? jms (May 15)
    - TCP/IP options flags? Matt Beck (May 16)
    - unapproved update from [166.93.60.5].61946 James Ankenbrandt (May 17)
    - Re: unapproved update from [166.93.60.5].61946 Jon Lewis (May 18)
- Re: IP Black list? Volker Werth [VWSoft] (May 16)
- Re: IP Black list? Elliot Perrin (May 16)
  - Sniffer files Wozz (May 16)
    - Re: Sniffer files Randy Janinda (May 18)
    - Re: Sniffer files Robert Graham (May 18)

(Thread continues...)