Re: The Criminal Underground: A Walk on the Dark Side

[Valdis.Kletnieks () vt edu]

On Tue, 04 Sep 2007 16:20:15 EDT, Dude VanWinkle said:

> So if we know the IP's of "millions of compromised machines" can we
> get access to a list of those in order to grey/blacklist them?

We know the IP addresses that some of them *used* to have.  Feel free to
blacklist the address and see the *current* DHCP leaseholder wonder why
things are breaking.

And Storm is only *part* of it - remember that's only a few million, out
of Vint Cerf's estimate of 140 million.

When there's 140 million pwned/spywared/etc boxes out of 600M or so, you
really can only take 2 stances:

1) Don't care and harden the outward-facing side to take on all comers.
2) Start whitelisting only known vetted and known systems.

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.