Open Source and information security mailing list archives
 
Date: Tue Feb 21 16:04:29 2006
From: rmckenzi at rpmdp.com (Robert P. McKenzie)
Subject: Compromised host list - some clarification...

James Lay wrote:
> So ok.....I'm completely positive I didn't make myself clear at all in
> my previous message...go me!  Here's a web site that I did manage to
> find that has a current list of open proxies:
> 
> http://www.samair.ru/proxy/index.htm
> 
> My hope is that I could find a site that has a list of currently
> reported open proxies, scanners, and ssh brute force boxes.  The RBL's
> pretty much have smtp covered.  I would run a cron job at midnight, wget
> and grep the file, then create an iptables table to block those hosts.
> This is an attempt to be more proactive than reactive...if I knew those
> hosts that were actively doing naughty things, why not block them at
> the get go?
> 
> Does this make sense?  Am I barking up the wrong tree?  Thanks all =)

It's clear; however, as others have pointed out, it's far easier to block everything and
then selectively allow what you want to talk to you.  How do you think iptables will react
if you have say 20,000 entries in it?  My guess is it will slow your machines down.

Go the sensible route and block everything and permit the much smaller list of hosts to
connect to you.
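
The default-deny approach this reply recommends, shown as an added example that is not part of the original message: it validates a small allowlist and prints an `iptables-restore` ruleset whose INPUT policy is DROP. The function names, the allowlist format and the sample addresses are assumptions made for illustration.

```shell
# Added example: print an iptables-restore ruleset that drops inbound traffic
# by default and accepts only allowlisted IPv4 sources. Nothing is applied.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one source per line on stdin ('#' starts a comment) and print the
# ruleset. Malformed entries are reported on stderr and left out.
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while read -r src _rest || [ -n "$src" ]; do
        src=${src%%#*}
        [ -n "$src" ] || continue
        if valid_source "$src"; then
            printf '%s\n' "-A INPUT -s $src -j ACCEPT"
        else
            printf 'skipping malformed entry: %s\n' "$src" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample allowlist (documentation address ranges).
sample_allowlist() {
    cat <<'EOF'
# admin workstation
192.0.2.10
198.51.100.0/24   # branch office
203.0.113.999
EOF
}

sample_allowlist | build_ruleset
```

The output can be checked with `iptables-restore --test` before it is loaded, and the whole ruleset is then applied in one step rather than rule by rule.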
