lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Feb 21 14:06:04 2006 From: jlay at slave-tothe-box.net (James Lay) Subject: Compromised hosts lists On Mon, 20 Feb 2006 22:40:00 -0500 Valdis.Kletnieks@...edu wrote: > On Mon, 20 Feb 2006 16:55:06 MST, James Lay said: > > I had heard tale of a site that had a semi-updated list of > > compromised hosts. I was hoping that someone knows that > > link...would LOVE to be able to get my firewall to get this list > > and auto-create an iptables rule. Thanks all! > > That's ass backwards. > > The secure way to do this is to first deny *all* traffic, and then add > specific rules for machines that you *do* want to talk to. > > Think for a bit - if some random cablemodem in another timezone is on > the list, why should you stop packets from it? Why would you want to > accept packets *before* it showed up on the list? Why do you still > want to accept packets from *other* boxes in the same /24 or /16? I completely agree for ports that I would have closed, but obviously I could not simply deny *all* traffic for port 25 and 80 let's say, as I want them open to the public. James
Powered by blists - more mailing lists