| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1140551024.57393.44.camel@localhost> Date: Tue Feb 21 19:44:01 2006 From: frank at knobbe.us (Frank Knobbe) Subject: Compromised hosts lists On Mon, 2006-02-20 at 22:40 -0500, Valdis.Kletnieks@...edu wrote: > On Mon, 20 Feb 2006 16:55:06 MST, James Lay said: > > I had heard tale of a site that had a semi-updated list of compromised > > hosts. I was hoping that someone knows that link...would LOVE to be > > able to get my firewall to get this list and auto-create an iptables > > rule. Thanks all! > > The secure way to do this is to first deny *all* traffic, and then add > specific rules for machines that you *do* want to talk to. Would you apply the same thinking to *outbound* traffic by first denying all outbound traffic, and then adding rules for, say eBay, Slashdot, etc? While real time firewall blocking of inbound threats reaches exhaustion fast, I think a real time block of threats that you might accidentally connect to outbound (like phishing sites or botnet C&Cs) does indeed make sense as a) the volume is typically lower, and b) you usually restrict outbound traffic only by port/service . What are your thoughts on that? Cheers, Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060221/2847aa77/attachment.bin
Powered by blists - more mailing lists