nanog mailing list archives

Re: RBL-type BGP service for known rogue networks?


From: Shawn McMahon <smcmahon () eiv com>
Date: Thu, 6 Jul 2000 21:42:12 -0400

On Thu, Jul 06, 2000 at 07:35:19PM -0400, Mark Mentovai wrote:

> If break-ins is what you're trying to avoid, a blacklist would be a terrible
> idea.  The proper way to prevent break-ins is not to block communications
> with certain sites, but to fix broken software and poorly configured systems
> so that any break-in attempts will be unsuccessful.  A blacklist would only
> encourage your would-be attacker to employ additional intermediaries,
> thereby potentially causing more damage for more people while making the
> ultimate source more difficult to trace.

If your attacker is somebody who decided he wanted in your site no matter what,
and is engaged in a concerted attack on specifically you, that might be true.

If your attacker is Joe Random Script Kiddie, who spotted you running Vulnerability
Of the Week and is trying the few exploits he could get to compile, you're
wrong.

The most effective anti-hacking measure I ever undertook was blocking the entire
.kr domain in hosts.deny.

It cut attempts by more than 50%.

(Before anybody jumps on me, the network in question had no users with a legitimate
need to connect from Korea, and your mileage almost assuredly varies.)
