Re: IP Black list?

[epadin () WAGWEB COM (Ed Padin)]

I think it's a great idea! It's a little harder to implement than the SPAM
black list. You have to make sure that complaints of an IP address come from
a lot more sources and there has to a line drawn as to how much is real
crack attempts. The jury is still out on whether port scanning is considered
a innocent bahavior. Where do you draw the line? In the case of demon
internet, they say that their routers are misbehaving. Maybe they are
telling the truth (doubtful, but how do you disprove it.). At the very
least, they do respond to complaints unlike the Korean universities.

> -----Original Message-----
> From: Stuart Staniford [mailto:stuart () SILICONDEFENSE COM]
> Sent: Thursday, May 11, 2000 1:56 PM
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: IP Black list?
>
>
> I'm curious to know what folks think of the idea of a
> real-time blacklist
> for misbehaving IP addresses/blocks.  Some reputable
> person/organization
> could maintain it, trusted folks known to the co-ordinator
> could recommend
> IPs to blockade, and then anyone who chose to could implement
> the list into
> router or firewall rules.
>
> We could start by putting demon.co.uk into it until they stop
> spraying the
> world with bad packets and repeating the same lame excuses for why they
> still haven't stopped whatever is causing that.  It would also
> be a good
> place to put Korean Universities and schools, etc that
> constantly scan us
> and never respond to complaints.  If use of it became widespread, this
> would tend to exert social pressure on bad parts of IP space
> to clean up
> their act.  Their users wouldn't be able to get to lots of parts of the
> Internet until they satisfied the blacklist co-ordinator that
> the problem
> was resolved.
>
> Thoughts?
>
> Stuart.
>
> --
> Stuart Staniford  ---  President  ---  Silicon Defense
>                   stuart () silicondefense com
> (707) 445-4355                     (707) 445-4222 (FAX)