Security Incidents mailing list archives
Re: IP Black list?
From: joey () SILICONDEFENSE COM (Joe McAlerney)
Date: Mon, 15 May 2000 15:33:24 -0700
I don't think it's a very wise idea to do this. First think of al the dynamic ip's there are with ISP'S. Blocking them will hurt "good" users also. And also how do you classify a bad host ? A host that is just performing a port scan, DoSsing the server, .... ? I have the same feeling against this as i have against the DUL-list (http://maps.vix.com/dul/). It is gonna hurt users who are just normally using the internet and not doing anything bad. cu, Patrick P.S I appologise for any bad English. English is not my native language.
Certainly there would be an uproar among the blocked customers of the ISP, but who would hear about it?.. The ISP. In the end, the only way the ISP will survive will be to fix the problem. This may involve implementing a stricter user policy, dealing with incidents reasonably, or fixing router misconfigurations. A push from the inside will help to settle things much faster. Once that is done, take 'em off the list. Everyone benefits from the end results. We are safer, the ISP has less incidents to hear about and deal with, and the ISP customers continue on their merry way. -Joe M.
Current thread:
- Re: IP Black list?, (continued)
- Re: IP Black list? Travis Pugh (May 15)
- Re: IP Black list? Jose Nazario (May 15)
- Re: IP Black list? Paul L Schmehl (May 15)
- Re: IP Black list? Travis Pugh (May 16)
- Re: IP Black list? Sebastien Berube (May 15)
- Odd scans of tcp port 12345 Russell Fulton (May 15)
- Re: Odd scans of tcp port 12345 Shadow Boxer (May 16)
- New or Variant Port 109 Scans Stephen P. Berry (May 15)
- Re: IP Black list? Patrick van Zweden (May 15)
- TCP low port scan Jose Nazario (May 15)
- Re: IP Black list? Joe McAlerney (May 15)
- Re: IP Black list? Omachonu Ogali (May 15)
- Re: IP Black list? Emre (May 15)
- Re: IP Black list? Ex Machina (May 15)
- Re: IP Black list? Keith Owens (May 16)