nanog mailing list archives
Re: RBL-type BGP service for known rogue networks?
From: Shawn McMahon <smcmahon () eiv com>
Date: Thu, 6 Jul 2000 21:42:12 -0400
On Thu, Jul 06, 2000 at 07:35:19PM -0400, Mark Mentovai wrote:
> If break-ins is what you're trying to avoid, a blacklist would be a terrible idea. The proper way to prevent break-ins is not to block communications with certain sites, but to fix broken software and poorly configured systems so that any break-in attempts will be unsuccessful. A blacklist would only encourage your would-be attacker to employ additional intermediaries, thereby potentially causing more damage for more people while making the ultimate source more difficult to trace.
If your attacker is somebody who decided he wanted in your site no matter what, and is engaged in a concerted attack on specifically you, that might be true.

If your attacker is Joe Random Script Kiddie, who spotted you running Vulnerability Of the Week and is trying the few exploits he could get to compile, you're wrong.

The most effective anti-hacking measure I ever undertook was blocking the entire .kr domain in hosts.deny. It cut attempts by more than 50%.

(Before anybody jumps on me, the network in question had no users with a legitimate need to connect from Korea, and your mileage almost assuredly varies.)