Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scans from proxyprotector.com

From: Valdis.Kletnieks () vt edu
Date: Thu, 22 May 2003 15:13:44 -0400
On Wed, 21 May 2003 16:28:21 EDT, Justin Pryzby said:

Or a site that lists hosts that should be blocked?  Like the dynamic
email blocking: just cron a daily download and firewall rule update.

Anyone up for this?


There's two problems you always need to overcome with this sort of proposal:

1) Trusting the people that run the block-list.  There's been no end of
anti-spam RBL's that have been rogue to some greater or lesser degree,
and not even a clear definition of what 'rogue' even means.  Go back and
research the great ORBZ/MAPS feud - wasn't *ANYBODY* in that one that
was completely and totally blameless..  And yes, I'm saying that even though I
*do* have great respect for at least some of the people involved - nobody
makes perfect choices all the time...

2) Trusting the actual update process.  All sorts of openings for the
ensuing hilarity as you download a new ruleset that happens to block your
default router or something. (Hint - why do most big shops *NOT* run
WindowsUpdate or similar automagic update-on-the-fly?)

-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: