[29775] in North American Network Operators' Group


Re: RBL-type BGP service for known rogue networks?

daemon@ATHENA.MIT.EDU (Shawn McMahon)
Thu Jul 6 23:42:19 2000

Date: Thu, 6 Jul 2000 21:42:12 -0400
From: Shawn McMahon <smcmahon@eiv.com>
To: nanog@merit.edu
Message-ID: <20000706214212.A17898@eiv.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="ew6BAiZeqk4r7MaW"
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.21.0007061927001.3129-100000@oak.ggn.net>; from marklist@ggn.net on Thu, Jul 06, 2000 at 07:35:19PM -0400
Errors-To: owner-nanog-outgoing@merit.edu




On Thu, Jul 06, 2000 at 07:35:19PM -0400, Mark Mentovai wrote:
>
> If break-ins is what you're trying to avoid, a blacklist would be a terrible
> idea.  The proper way to prevent break-ins is not to block communications
> with certain sites, but to fix broken software and poorly configured systems
> so that any break-in attempts will be unsuccessful.  A blacklist would only
> encourage your would-be attacker to employ additional intermediaries,
> thereby potentially causing more damage for more people while making the
> ultimate source more difficult to trace.

If your attacker is somebody who decided he wanted in your site no matter what,
and is engaged in a concerted attack on specifically you, that might be true.

If your attacker is Joe Random Script Kiddie, who spotted you running Vulnerability
Of the Week and is trying the few exploits he could get to compile, you're
wrong.

The most effective anti-hacking measure I ever undertook was blocking the entire
.kr domain in hosts.deny.

It cut attempts by more than 50%.

(Before anybody jumps on me, the network in question had no users with a legitimate
need to connect from Korea, and your mileage almost assuredly varies.)


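An added example, not part of the original post: a way to estimate, from existing connection logs, what share of attempts a `.kr` suffix rule in hosts.deny would have denied before deploying it. The log lines are constructed in the style of tcpd syslog output, and the function names are hypothetical. A hostname-suffix rule depends on reverse DNS, so clients logged only by address are counted separately because the rule cannot match them.

```python
import re
from collections import Counter

# Constructed sample lines in the style tcpd writes to syslog (not real traffic).
SAMPLE_LOG = """\
Jul  6 21:01:10 gw in.telnetd[411]: connect from pc1.constructed-isp.kr
Jul  6 21:01:12 gw in.ftpd[412]: connect from pc2.constructed-isp.kr
Jul  6 21:03:40 gw in.telnetd[415]: connect from 192.0.2.77
Jul  6 21:05:02 gw in.telnetd[419]: connect from dialup9.constructed-isp.kr
Jul  6 21:07:55 gw in.ftpd[420]: connect from host.example.com
Jul  6 21:09:13 gw in.telnetd[424]: connect from 198.51.100.5
Jul  6 21:11:30 gw in.telnetd[426]: connect from box.notkr.example.org
"""

CONNECT_RE = re.compile(r"connect from (\S+)\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def suffix_matches(client: str, pattern: str) -> bool:
    """hosts_access(5) rule: a pattern starting with '.' matches a host name
    whose last components equal the pattern. It never matches a bare address."""
    if not pattern.startswith(".") or IPV4_RE.match(client):
        return False
    return client.lower().endswith(pattern.lower())

def estimate_block(log_text: str, pattern: str) -> dict:
    """Classify each logged client as denied, unresolved or allowed."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        client = m.group(1)
        if suffix_matches(client, pattern):
            counts["denied"] += 1
        elif IPV4_RE.match(client):
            counts["unresolved"] += 1  # no reverse DNS name: rule cannot apply
        else:
            counts["allowed"] += 1
    total = sum(counts.values())
    return {"total": total, "denied": counts["denied"],
            "unresolved": counts["unresolved"], "allowed": counts["allowed"],
            "denied_share": counts["denied"] / total if total else 0.0}

if __name__ == "__main__":
    print(estimate_block(SAMPLE_LOG, ".kr"))
```

The `allowed` bucket doubles as a review list: any legitimate user whose hostname would land in `denied` shows up here before the rule goes live.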

