[102125] in North American Network Operators' Group
Worst Offenders/Active Attackers blacklists
daemon@ATHENA.MIT.EDU (Tomas L. Byrnes)
Sun Jan 27 15:24:25 2008
Date: Sun, 27 Jan 2008 12:21:27 -0800
From: "Tomas L. Byrnes" <tomb@byrneit.net>
To: <nanog@nanog.org>
Errors-To: owner-nanog@merit.edu
This is a multi-part message in MIME format.
------_=_NextPart_001_01C86122.32385F12
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
There are a number of public network attacker threat feeds available,
the most well know of which, AFAIK, is the Internet Storm Center's
DShield system. I know a few network operators, including at least one
on this list, also run private versions of the DShield system.
=20
Are there many others?=20
=20
Do any or most network operators have some sort of private current block
list that gets pushed out to routers and or firewalls/traffic shapers in
real time?
=20
I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're
currently propagating the DShield, and some other, block lists for use
in firewalls. I'm interested in gathering additional threat information,
and serving additional communities.
=20
Is there any interest in a collaborative platform where anonymized
candidates for blocking would be submitted by a trusted group, and then
propagated out to the whole group?
=20
I'd be happy to collect responses anonymously and submit a summary back
to the list, if people don't want to open this up on the list.
=20
=20
=20
=20
------_=_NextPart_001_01C86122.32385F12
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.6000.16587" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D936411320-27012008>There =
are a number=20
of public network attacker threat feeds available, the most well know of =
which,=20
AFAIK, is the Internet Storm Center's DShield system. I know a few =
network=20
operators, including at least one on this list, also run private =
versions of the=20
DShield system.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D936411320-27012008>Are =
there many=20
others? </SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D936411320-27012008>Do any =
or most=20
network operators have some sort of private current block list that gets =
pushed=20
out to routers and or firewalls/traffic shapers in real=20
time?</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D936411320-27012008>I'm =
the CTO and=20
founder of ThreatSTOP (<A=20
href=3D"http://www.threatstop.com">www.threatstop.com</A>), and we're =
currently=20
propagating the DShield, and some other, block lists for use in =
firewalls. I'm=20
interested in gathering additional threat information, and serving =
additional=20
communities.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D936411320-27012008>Is =
there any=20
interest in a collaborative platform where anonymized candidates for =
blocking=20
would be submitted by a trusted group, and then propagated out to the =
whole=20
group?</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D936411320-27012008>I'd be =
happy to=20
collect responses anonymously and submit a summary back to the list, if =
people=20
don't want to open this up on the list.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D936411320-27012008></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV></BODY></HTML>
------_=_NextPart_001_01C86122.32385F12--
