Security Incidents mailing list archives
Re: IP Black list?
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Mon, 15 May 2000 16:47:41 -0400
On Mon, 15 May 2000, Travis Pugh wrote:
Stuart: I think this is a particularly dangerous idea, both politically and from a technical standpoint. It just turns into a game of brinksmanship.
agreed. the best thing to do seems to be an open forum of discussion about incidents, sources and type of incidents. provide as much info as possible, and let others safeguard their networks as they see fit. example: recently, a well known machine was involved in ongoing security incidents around the world for about two months. it was reported to two of the main outlets for incident discussions, several sites communicated openly and privately about the incidents and how it was being handled, and chose to handle it as they saw fit. a single portscan that is unverified as to the true source (nmap -D anyone?) isn't worth RBLing a domain over. but a domain that has shown to be unresponsive or otherwise uninterested in fixing well established security problems should be blacklisted at peoples' choice. keep the discussions open and reasonable, that's our best defense in the absence of packet layer authentication (ie IPsec). now if only more sites would openly discuss security incidents, we'd have more data to go on. jose nazario jose () biochemistry cwru edu PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Current thread:
- Automated, Distributed Port Scan E. Larry Lidz (May 08)
- Re: Automated, Distributed Port Scan Martin Ixter (May 09)
- Re: Automated, Distributed Port Scan Jose Nazario (May 10)
- IP Black list? Stuart Staniford (May 11)
- Re: IP Black list? Travis Pugh (May 15)
- Re: IP Black list? Jose Nazario (May 15)
- Re: IP Black list? Paul L Schmehl (May 15)
- Re: IP Black list? Travis Pugh (May 16)
- Re: IP Black list? Sebastien Berube (May 15)
- Odd scans of tcp port 12345 Russell Fulton (May 15)
- Re: Odd scans of tcp port 12345 Shadow Boxer (May 16)
- New or Variant Port 109 Scans Stephen P. Berry (May 15)
- Re: Automated, Distributed Port Scan Martin Ixter (May 09)
- Re: IP Black list? Patrick van Zweden (May 15)
- TCP low port scan Jose Nazario (May 15)
- Re: IP Black list? Joe McAlerney (May 15)
- Re: IP Black list? Omachonu Ogali (May 15)