[50408] in North American Network Operators' Group
RE: Bogon list or Dshield.org type list
daemon@ATHENA.MIT.EDU (Phil Rosenthal)
Sat Jul 27 20:20:17 2002
Reply-To: <pr@isprime.com>
From: "Phil Rosenthal" <pr@isprime.com>
To: "'alsato'" <alsato@hotpop.com>, <nanog@merit.edu>
Date: Sat, 27 Jul 2002 20:19:47 -0400
In-Reply-To: <004601c235ca$d0258160$5c15a8c0@altrio.com>
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_0062_01C235AA.F436F4F0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
I can comment on the dshield list.
I have seen this before. I am checking one particular IP on my network
that has a very popular freehost on it. Checking the load balancer IP
(connections cannot be originated from this IP) -- it shows that there
were 13 attacks initiated from the IP, and 7 targets. Whatever their
algorithm is, it doesn't seem reliable enough for me to trust it if an
IP that can not originate connections is listed as an attacker (albeit
small on their list)
--Phil
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
alsato
Sent: Saturday, July 27, 2002 8:08 PM
To: nanog@merit.edu
Subject: Bogon list or Dshield.org type list
Im wondering how many of you use Bogon Lists and
http://www.dshield.org/top10.html type lists on your routers? Im
curious to know if you are an ISP with customers or backbone provider
or someone else? I have a feeling not many people use these on routers?
Im wondering why or why not?
Ive never used them on my routers although I work for a new isp/cable
provider. Im thinking it would make my users happy to use them though.
alsato
------=_NextPart_000_0062_01C235AA.F436F4F0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<TITLE>Message</TITLE>
<META content=3D"MSHTML 6.00.2800.1079" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><SPAN class=3D388351700-28072002><FONT face=3DArial color=3D#0000ff =
size=3D2>I can=20
comment on the dshield list.</FONT></SPAN></DIV>
<DIV><SPAN class=3D388351700-28072002><FONT face=3DArial color=3D#0000ff =
size=3D2>I have=20
seen this before. I am checking one particular IP on my network =
that has a=20
very popular freehost on it. Checking the load balancer IP =
(connections=20
cannot be originated from this IP) -- it shows that there were 13 =
attacks=20
initiated from the IP, and 7 targets. Whatever their algorithm is, =
it=20
doesn't seem reliable enough for me to trust it if an IP that can not =
originate=20
connections is listed as an attacker (albeit small on their=20
list)</FONT></SPAN></DIV>
<DIV><SPAN class=3D388351700-28072002><FONT face=3DArial color=3D#0000ff =
size=3D2>--Phil</FONT></SPAN></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
align=3Dleft><FONT=20
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B>=20
owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] <B>On Behalf Of=20
</B>alsato<BR><B>Sent:</B> Saturday, July 27, 2002 8:08 =
PM<BR><B>To:</B>=20
nanog@merit.edu<BR><B>Subject:</B> Bogon list or Dshield.org type=20
list<BR><BR></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Im wondering how many of you use =
Bogon Lists and=20
<A=20
=
href=3D"http://www.dshield.org/top10.html">http://www.dshield.org/top10.h=
tml</A> type=20
lists on your routers? Im curious to know if you are an =
ISP with=20
customers or backbone provider or someone else? I have a feeling =
not=20
many people use these on routers? Im wondering why or why=20
not? </FONT></DIV>
<DIV><FONT face=3DArial size=3D2> Ive never used them on my =
routers although=20
I work for a new isp/cable provider. Im thinking it would make =
my users=20
happy to use them though.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial =
size=3D2>alsato</FONT></DIV></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0062_01C235AA.F436F4F0--
