nanog mailing list archives

Re: compromized host list available

From: Chris Kuethe <chris.kuethe () gmail com>
Date: Thu, 21 Jul 2005 10:28:08 -0600


On 7/21/05, Joseph S D Yao <jsdy () center osis gov> wrote:


On Wed, Jul 20, 2005 at 04:32:09PM -0700, Rick Wesson wrote:

Folks,

I've developed a tool to pull together a bunch of information from
DNSRBLs and mix it with a BGP feed, the result is that upon request I
can generate a report of all the compromised hosts on your network as
seen by various DNSRBLs.

...

Unless you have personally verified each entry, you would do well to add
a disclaimer that DNSRBLs are not 100% reliable, eh?


Well there is that, but that should be implicit in pretty much every
report you get that $this or $that host is compromised. This is just a
convenient offering to say "someone out there thinks one of your
machines is holed. You might want to check that out." I'm good friends
with some fully-automated blackholing mechanisms, and even I'm not
crazy enough to just blackhole my own machines on someone else's
say-so.

CK


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

Current thread:

compromized host list available Rick Wesson (Jul 20)
- Re: compromized host list available Joseph S D Yao (Jul 21)
  - Re: compromized host list available Chris Kuethe (Jul 21)
  - Re: compromized host list available Joe Abley (Jul 21)
    - Re: compromized host list available Joseph S D Yao (Jul 21)
    - Re: compromized host list available John Payne (Jul 21)
    - Re: compromized host list available Joseph S D Yao (Jul 21)
    - Re: compromized host list available Randy Bush (Jul 21)
  - Re: compromized host list available Charles Cala (Jul 21)
    - Re: compromized host list available Joseph S D Yao (Jul 21)
- <Possible follow-ups>
- RE: compromized host list available Hannigan, Martin (Jul 21)
  - RE: compromized host list available Todd Vierling (Jul 21)
    - Re: compromized host list available Rick Wesson (Jul 21)