Security Basics mailing list archives

RE: What addresses to put on my NEW black list?

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 23 Feb 2006 09:05:31 -0800

  Unfortunately, more and more traffic is coming in on ports
80 and 443.  [Don't you love that for many application 
developers, "security engineering" consists of making sure 
that it's hard for network security to enforce policy against 
the app?]
  I'm forced to conclude that even stateful packet filter
firewalls will be useless within 3-5 years, if they're not 
already, and that the hope for network-based policy enforcement
lies with SSL proxies that know about upper-level protocols
and even object types.  [Blue Coat's latest effort looks good
to me -- I'd like to hear about other options that are out
there or coming up.]

David Gillett

-----Original Message-----
From: Ryan Cummings [mailto:l00t3r () gmail com] 
Sent: Wednesday, February 22, 2006 4:10 PM
To: phunked up!
Cc: Security-Basics
Subject: Re: What addresses to put on my NEW black list?

You might be much better off blocking the ports that 
filesharing/streaming media come in on.  You should be able 
to do a bit of searching around and find the default ports 
for most of these applications and shut them down at the 
firewall level.  Also depending on your firewall or even IDS 
(this is debatable on the use:P) you could filter the content there.

I know searching around on shoutcast.com most of the 
streaming stations use 8000+ for a port number so that is a 
good start.

On 2/22/06, phunked up! <phunkodelic () gmail com> wrote:

Trying to create a blacklist for my network.  Want to include 
addresses for mainly streaming audio, and file shareing.  I have a 
couple of network abusers who listen to internet radio that

just don't

follow company policy which has banned it.  Yes I know I should try 
and bust them but thats a pain in the butt and besides if I

do that I

don't get the joy or experience of doing this.

First off I was going to deny the addresses of various "bad"
severs/web sites on the net at my firewall.  I was then going to 
create a DNS entry that points all restriced IPs to a internal web 
server that would host a page stating that the site is banned 
(blackholing IPs).

As mentioned above the issue I have is finding the IP addresses to 
ban.  Any help would be appreciated.

Thanks!

----------------------------------------------------------------------

----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -

ONLINE The

Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched

consulting experience.

Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity 
Planning, Computer Emergency Response Teams, and Digital

Investigations.


http://www.msia.norwich.edu/secfocus

----------------------------------------------------------------------

-----


--------------------------------------------------------------
-------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE 
The Norwich University program offers unparalleled Infosec 
management education and the case study affords you unmatched 
consulting experience. 
Tailor your education to your own professional goals with 
degree customizations including Emergency Management, 
Business Continuity Planning, Computer Emergency Response 
Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
-------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

What addresses to put on my NEW black list? phunked up! (Feb 22)
- Re: What addresses to put on my NEW black list? Ryan Cummings (Feb 22)
  - RE: What addresses to put on my NEW black list? David Gillett (Feb 23)
  - Re: What addresses to put on my NEW black list? Brian Loe (Feb 23)
  - Re: What addresses to put on my NEW black list? nodialtone (Feb 23)
  - Re: What addresses to put on my NEW black list? Neil (Feb 23)
- <Possible follow-ups>
- re: What addresses to put on my NEW black list? Steve Barron (Feb 23)
  - re: What addresses to put on my NEW black list? Jim Halfpenny (Feb 24)