Re: Bogon list or Dshield.org type list

["Johannes Ullrich" <jullrich () sans org>]

I do not recommend adding every IP listed at DShield to your filter.
We do publish a 'block list', of the worst networks (based on reports
for the last 5 days). 

Quick note on our methods: We basically aggregate firewall logs and
offer summarized reports. The reports should allow everyone to apply
their own judgment.

For the block list:
http://www.dshield.org/block_list_info.html



On Sat, 27 Jul 2002 20:19:47 -0400
"Phil Rosenthal" <pr () isprime com> wrote:

> I can comment on the dshield list.
> I have seen this before.  I am checking one particular IP on my network
> that has a very popular freehost on it.  Checking the load balancer IP
> (connections cannot be originated from this IP) -- it shows that there
> were 13 attacks initiated from the IP, and 7 targets.  Whatever their
> algorithm is, it doesn't seem reliable enough for me to trust it if an
> IP that can not originate connections is listed as an attacker (albeit
> small on their list)
> --Phil
>
> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> alsato
> Sent: Saturday, July 27, 2002 8:08 PM
> To: nanog () merit edu
> Subject: Bogon list or Dshield.org type list
>
>
>  
> Im wondering how many of you use Bogon Lists and
> http://www.dshield.org/top10.html type lists on your routers?  Im
> curious to know if you are an ISP  with customers or backbone provider
> or someone else?  I have a feeling not many people use these on routers?
> Im wondering why or why not? 
>  Ive never used them on my routers although I work for a new isp/cable
> provider.  Im thinking it would make my users happy to use them though.
>  
>  
> alsato


-- 
---------------------------------------------------------------
jullrich () sans org             Collaborative Intrusion Detection
                                    join http://www.dshield.org