lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20060221070958.749da9c9@homebox.slave-tothe-box.net>
Date: Tue Feb 21 14:06:04 2006
From: jlay at slave-tothe-box.net (James Lay)
Subject: Compromised hosts lists

On Mon, 20 Feb 2006 22:40:00 -0500
Valdis.Kletnieks@...edu wrote:

> On Mon, 20 Feb 2006 16:55:06 MST, James Lay said:
> > I had heard tale of a site that had a semi-updated list of
> > compromised hosts.  I was hoping that someone knows that
> > link...would LOVE to be able to get my firewall to get this list
> > and auto-create an iptables rule.  Thanks all!
> 
> That's ass backwards.
> 
> The secure way to do this is to first deny *all* traffic, and then add
> specific rules for machines that you *do* want to talk to.
> 
> Think for a bit - if some random cablemodem in another timezone is on
> the list, why should you stop packets from it?  Why would you want to
> accept packets *before* it showed up on the list?  Why do you still
> want to accept packets from *other* boxes in the same /24 or /16?

I completely agree for ports that I would have closed, but obviously I
could not simply deny *all* traffic for port 25 and 80 let's say, as I
want them open to the public.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ