Security Incidents mailing list archives

Re: Network 195.70.202.0/24 is hacker-friendly


From: "Mike Lewinski" <mike () rockynet com>
Date: Tue, 4 Dec 2001 10:29:12 -0700

> Are you willing to communicate with address blocks that have a
> report-handling policy like this one?

No, they are null-routed here (based on our own experiences, and not
necessarily on unconfirmed reports on a list such as this). We typically
inform the parent ISP's NOC of this decision.

> Do you know of a blacklist for documented networks with bad network
> abuse handling policies aka. hacker friendly.

http://www.rfc-ignorant.org/ lists networks that don't maintain the required
abuse address, fwiw.

I think that a blacklist for such networks is not a bad idea, if it can be
objectively maintained in some way.

In fact, I'd go beyond this and say it might be time to come up with a
BGP-based blacklist (null /32's?) tied into an IDS (preferably on a network
that doesn't have any real hosts, to minimize false positives, and with a
timeout for entries so that infected hosts which are later cleaned aren't
permanently penalized).

Mike
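
The timeout-based /32 blacklist described in the message above, as an added example (not code from the post or from any project): it turns IDS hits on a darknet range into announce/withdraw lines modelled on ExaBGP's text API. The class name, the `min_targets` threshold, the allowlist and the discard next-hop address are assumptions, and the sample events are constructed.

```python
import ipaddress

# Placeholder: an address every router statically routes to its discard interface.
DISCARD_NEXT_HOP = "192.0.2.1"

class DarknetBlacklist:
    def __init__(self, darknet, ttl=86400, min_targets=3, allow=()):
        self.darknet = ipaddress.ip_network(darknet)   # sensor range with no real hosts
        self.ttl = ttl                                 # seconds kept after the last hit
        self.min_targets = min_targets                 # distinct darknet addresses probed before listing
        self.allow = [ipaddress.ip_network(n) for n in allow]  # never null-route these
        self._last = {}       # source -> time of most recent darknet hit
        self._targets = {}    # source -> set of darknet addresses it probed
        self._listed = set()  # sources with an active /32 announcement

    def observe(self, ts, src, dst):
        """Feed one IDS event; return the BGP commands it triggers (often none)."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst not in self.darknet or any(src in net for net in self.allow):
            return []
        self._last[src] = ts                           # repeat hits refresh the timeout
        self._targets.setdefault(src, set()).add(dst)
        if src in self._listed or len(self._targets[src]) < self.min_targets:
            return []
        self._listed.add(src)
        return [f"announce route {src}/32 next-hop {DISCARD_NEXT_HOP}"]

    def expire(self, now):
        """Drop sources quiet for ttl seconds; withdraw the /32 of any that were listed."""
        cmds = []
        for src in [s for s, t in self._last.items() if t + self.ttl <= now]:
            del self._last[src], self._targets[src]
            if src in self._listed:
                self._listed.remove(src)
                cmds.append(f"withdraw route {src}/32 next-hop {DISCARD_NEXT_HOP}")
        return cmds

# Constructed sample events: (timestamp, source, destination).
EVENTS = [(0, "203.0.113.77", "198.51.100.5"), (10, "203.0.113.77", "198.51.100.6"),
          (15, "203.0.113.77", "10.0.0.1"), (20, "203.0.113.77", "198.51.100.7")]

if __name__ == "__main__":
    bl = DarknetBlacklist("198.51.100.0/24", ttl=3600, allow=["192.0.2.0/24"])
    for ev in EVENTS:
        print(ev, bl.observe(*ev))
    print(bl.expire(20 + 3600))
```

Traffic reaching a darknet can carry forged source addresses, so the allowlist should cover your own and your customers' prefixes before any router acts on this feed.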
