lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 21 Jan 2008 09:17:56 -0800
From: Jim Harrison <Jim@...tools.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>,
	"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: RE: Country by Country ISA Computer Sets

<sarcasm tagfor=oblivoious>
Yeh, but what if I want you to justify your decisions in the context of my perceptions?
You don't find it reasonable that because you wish to share your efforts for free that they should serve my needs as well?
</sarcasm>

For the record, I tried Tim's blocklists and because I use an external spam-catcher and therefore accept mail only from them or specific hosts, I can statistically validate the statement that the sources of SMTP connection attempts that ignore my MX record are coming from a large percentage of the IPs Tim assembled, with the majority coming from east Asia (China & Korea being the most active).

It's a fair bet that any SMTP connection attempts that fail to agree with your MX record are "less than trustworthy".

Jim

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@...merofgod.com]
Sent: Saturday, January 19, 2008 10:41 AM
To: bugtraq@...urityfocus.com
Subject: RE: Country by Country ISA Computer Sets

There is nothing irrational about identifying the source of unwanted
traffic, qualifying what is or isn't malicious, and then taking whatever
action you feel is appropriate.

If there is no reason (business, personal, or otherwise) for traffic
from the US or the UK to be reaching your network, then by all means
block all of it if that is what you choose to do.  If you re-read my
post, you'll see that the purpose for the sets is for people to make
*educated* decisions regarding what they may choose to block and from
where.  In my case (and cases where colleagues tested this) blocking all
SMTP from China resulted in a dramatic (not just "noticeable") reduction
in overall SPAM.  In the case of the site that I own (HoG) I decided to
actually block ALL traffic from China across the board.  Does this mean
that some people who legitimately want to view Hammer of God content
will blocked?  Yep.  Sure does - but that is my choice to make.  I don't
get emails from people in China, so SMTP is no problem.  My web traffic
gets logged in SQL as well - and I have looked for valid requests there
as well, and have not seen any - so I think it is a perfectly valid
action *for me*.  It obviously isn't for other people, but at least they
can make their own decisions of what to block (or allow) from where.
Nowhere did I say "you need to block all traffic from these countries."
I simply said "here are pre-constructed IP sets by country for you to
use to make educated and informed decisions of what to do for your
network."

There's nothing irrational about that.

t



> -----Original Message-----
> From: Paa.listas [mailto:paa.listas@...il.com]
> Sent: Saturday, January 19, 2008 3:19 AM
> To: Thor (Hammer of God); bugtraq@...urityfocus.com
> Subject: RE: Country by Country ISA Computer Sets
>
> Hello,
>
>       Most of the attacks to my network come from USA and UK. Do I
need
> to
> deny all access from those countries? I think that the simple idea is
> irrational.
>
> I should block _attacks_ from those countries, inform the IP
> owners(ISP),
> and keep my network secure (it is the least that I can do) nothing
more
> against those (or any other) country.
>
> That is what I think. :)
>
> Saludos. Pablo.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ