Security Incidents mailing list archives
Re: Network 195.70.202.0/24 is hacker-freindly
From: "Mike Lewinski" <mike () rockynet com>
Date: Tue, 4 Dec 2001 10:29:12 -0700
Are you willing to communicate with address blocks that have a report-handling policy like this one?
No, they are null-routed here (based on our own experiences, and not necessarily on unconfirmed reports on a list such as this). We typically inform the parent ISP's noc of this decision.
Do you know of a blacklist for documented networks with bad network abuse handling policies aka. hacker friendly.
http://www.rfc-ignorant.org/ lists networks that don't maintain the required abuse address, fwiw. I think that a blacklist for such networks is not a bad idea, if it can be objectively maintained in some way. In fact, I'd go beyond this and say it might be time to come up with a BGP-based blacklist (null /32's?) tied into an IDS (preferably on a network that doesn't have any real hosts, to minimize false positives, and with a timeout for entries so that infected hosts which are later cleaned aren't permanently penalized). Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Network 195.70.202.0/24 is hacker-freindly Pavel Lozhkin (Dec 03)
- Re: Network 195.70.202.0/24 is hacker-freindly Yaakov Yehudi (Dec 04)
- Re: Network 195.70.202.0/24 is hacker-freindly Nissa Moore - ISSM (Dec 04)
- <Possible follow-ups>
- RE: Network 195.70.202.0/24 is hacker-freindly Boyan Krosnov (Dec 04)
- Re: Network 195.70.202.0/24 is hacker-freindly Mike Lewinski (Dec 04)
- Re: Network 195.70.202.0/24 is hacker-freindly Pavel Lozhkin (Dec 04)
- RE: Network 195.70.202.0/24 is hacker-freindly Justin Silles (Dec 04)
- Re: Network 195.70.202.0/24 is hacker-freindly Thierry Zoller (Dec 05)