[50411] in North American Network Operators' Group
Re: Bogon list or Dshield.org type list
daemon@ATHENA.MIT.EDU (Johannes Ullrich)
Sat Jul 27 22:52:26 2002
Date: Sat, 27 Jul 2002 22:48:43 -0400
From: "Johannes Ullrich" <jullrich@sans.org>
To: pr@isprime.com
Cc: alsato@hotpop.com, nanog@merit.edu
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA/zNkI7d3EEmn3+v5DgN/l8KAAAAQAAAARBy/BlD470iH3yErzHpDnwEAAAAA@isprime.com>
Errors-To: owner-nanog-outgoing@merit.edu
I do not recommend adding every IP listed at DShield to your filter.
We do publish a 'block list', of the worst networks (based on reports
for the last 5 days).
Quick note on our methods: We basically aggregate firewall logs and
offer summarized reports. The reports should allow everyone to apply
their own judgment.
For the block list:
http://www.dshield.org/block_list_info.html
On Sat, 27 Jul 2002 20:19:47 -0400
"Phil Rosenthal" <pr@isprime.com> wrote:
> I can comment on the dshield list.
> I have seen this before. I am checking one particular IP on my network
> that has a very popular freehost on it. Checking the load balancer IP
> (connections cannot be originated from this IP) -- it shows that there
> were 13 attacks initiated from the IP, and 7 targets. Whatever their
> algorithm is, it doesn't seem reliable enough for me to trust it if an
> IP that can not originate connections is listed as an attacker (albeit
> small on their list)
> --Phil
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> alsato
> Sent: Saturday, July 27, 2002 8:08 PM
> To: nanog@merit.edu
> Subject: Bogon list or Dshield.org type list
>
>
>
> Im wondering how many of you use Bogon Lists and
> http://www.dshield.org/top10.html type lists on your routers? Im
> curious to know if you are an ISP with customers or backbone provider
> or someone else? I have a feeling not many people use these on routers?
> Im wondering why or why not?
> Ive never used them on my routers although I work for a new isp/cable
> provider. Im thinking it would make my users happy to use them though.
>
>
> alsato
>
>
--
---------------------------------------------------------------
jullrich@sans.org Collaborative Intrusion Detection
join http://www.dshield.org
