lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20060221113256.4f342f01@homebox.slave-tothe-box.net>
Date: Tue Feb 21 18:29:02 2006
From: jlay at slave-tothe-box.net (James Lay)
Subject: Compromised host list - some clarification...

On Tue, 21 Feb 2006 16:03:56 +0000
"Robert P. McKenzie" <rmckenzi@...dp.com> wrote:

> James Lay wrote:
> > So ok.....I'm completely positive I didn't make myself clear at all
> > in my previous message...go me!  Here's a web site that I did
> > manage to find that has a current list of open proxies:
> > 
> > http://www.samair.ru/proxy/index.htm
> > 
> > My hope is that I could find a site that has a list of currently
> > reported open proxies, scanners, and ssh brute force boxes.  The
> > RBL's pretty much have smtp covered.  I would run a cron job at
> > midnight, wget and grep the file, then create an iptables table to
> > block those hosts. This is an attempt to be more proactive then
> > reactive...if I knew those hosts that were actively doing naughty
> > things, why not block them at the get go?
> > 
> > Does this make sense?  Am I barking up the wrong tree?  Thanks all
> > =)
> 
> It's clear, however, as others have pointed out it's far easier to
> block everything and then selectivily allow what you want to talk to
> you.  How do you think iptables will react if you have say 20,000
> entries in it?  My guess is it will slow your machines down.
> 
> Go the sensible route and block everything and permit the much
> smaller list of hosts to connect to you.
> 

Robert,

I do understand this, however this would not fit well for services that
are for public use..IE web or email I could not simply just deny
everyone.  But for ports that I do NOT want the public to see you
bet...block all is the way to go.  Thank you!

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ