Security Incidents mailing list archives
Re: IP Black list?
From: pauls () UTDALLAS EDU (Paul L Schmehl)
Date: Tue, 16 May 2000 15:42:54 -0500
Uh...if your hosts have been hacked and are being used to attack other networks, then they *are* bad guys until they fix the problem. --On Tuesday, May 16, 2000 9:37 AM -0400 Elliot Perrin <EPerrin () METROLAND COM> wrote:
How about IP spoofing, TCP/IP hijacking? Let's say you get someone who doesn't like a specific business, hacks them, and initiates scans from their networks. Legitimate business with a disgruntled former employee...... How can guarantee that only the "bad hosts" or the "bad networks" will be blocked? _______________________ Elliott Perin eperrin () metroland comI don't think it's a very wise idea to do this. First think of al the dynamic ip's there are with ISP'S.Blocking themwill hurt "good" users also. And also how do you classify abad host ?A host that is just performing a port scan, DoSsing theserver, .... ?I have the same feeling against this as i have against the DUL-list (http://maps.vix.com/dul/). It is gonna hurt users who are just normally using the internet and not doing anything bad. cu, Patrick P.S I appologise for any bad English. English is not my native language.Certainly there would be an uproar among the blocked customers of the ISP, but who would hear about it?.. The ISP. In the end, the only way the ISP will survive will be to fix the problem. This may involve implementing a stricter user policy, dealing with incidents reasonably, or fixing router misconfigurations. A push from the inside will help to settle things much faster. Once that is done, take 'em off the list. Everyone benefits from the end results. We are safer, the ISP has less incidents to hear about and deal with, and the ISP customers continue on their merry way. -Joe M.
Paul L. Schmehl, pauls () utdallas edu Technical Support Services Manager The University of Texas at Dallas
Current thread:
- Re: IP Black list?, (continued)
- Re: IP Black list? Michael Damm (May 15)
- Re: IP Black list? jms (May 15)
- TCP/IP options flags? Matt Beck (May 16)
- unapproved update from [166.93.60.5].61946 James Ankenbrandt (May 17)
- Re: unapproved update from [166.93.60.5].61946 Jon Lewis (May 18)
- Re: IP Black list? Michael Damm (May 15)
- Re: IP Black list? Volker Werth [VWSoft] (May 16)
- Re: IP Black list? Elliot Perrin (May 16)
- Sniffer files Wozz (May 16)
- Re: Sniffer files Randy Janinda (May 18)
- Re: Sniffer files Robert Graham (May 18)
- Re: IP Black list? Paul L Schmehl (May 16)
- Re: IP Black list? Joe McAlerney (May 16)
- Sniffer files Wozz (May 16)
- Re: IP Black list? Robert G. Ferrell (May 16)
- Re: IP Black list? Tarkington, William (W.) (May 16)
- Re: IP Black list? Elliot Perrin (May 17)