Full Disclosure mailing list archives
Re: Compromised hosts lists
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 21 Feb 2006 07:09:58 -0700
On Mon, 20 Feb 2006 22:40:00 -0500 Valdis.Kletnieks () vt edu wrote:
On Mon, 20 Feb 2006 16:55:06 MST, James Lay said:I had heard tale of a site that had a semi-updated list of compromised hosts. I was hoping that someone knows that link...would LOVE to be able to get my firewall to get this list and auto-create an iptables rule. Thanks all!That's ass backwards. The secure way to do this is to first deny *all* traffic, and then add specific rules for machines that you *do* want to talk to. Think for a bit - if some random cablemodem in another timezone is on the list, why should you stop packets from it? Why would you want to accept packets *before* it showed up on the list? Why do you still want to accept packets from *other* boxes in the same /24 or /16?
I completely agree for ports that I would have closed, but obviously I could not simply deny *all* traffic for port 25 and 80 let's say, as I want them open to the public. James _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromised hosts lists James Lay (Feb 20)
- Re: Compromised hosts lists Jason Coombs (Feb 20)
- Re: Compromised hosts lists Gadi Evron (Feb 20)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 20)
- Re: Compromised hosts lists James Lay (Feb 21)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- Re: Compromised hosts lists Frank Knobbe (Feb 21)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- Re: Compromised hosts lists James Lay (Feb 21)
- <Possible follow-ups>
- Re: Compromised hosts lists security czar (Feb 22)