[50416] in North American Network Operators' Group
Re: Bogon list or Dshield.org type list
daemon@ATHENA.MIT.EDU (John Palmer (NANOG Acct))
Sun Jul 28 10:38:00 2002
From: "John Palmer (NANOG Acct)" <nanog@adns.net>
To: <nanog@merit.edu>
Date: Sun, 28 Jul 2002 09:35:40 -0500
Errors-To: owner-nanog-outgoing@merit.edu
Yes - DSHEILD has our ORSC root server listed as well. I thought that was hilarious.
----- Original Message -----
From: "Charles Sprickman" <spork@inch.com>
To: "Johannes Ullrich" <jullrich@sans.org>
Cc: <nanog@merit.edu>
Sent: Sunday, July 28, 2002 2:36 AM
Subject: Re: Bogon list or Dshield.org type list
>
> I looked up a nameserver that I once worked with and found that it is
> "attacking" from port 53. Needless to say, it's not hacked, it's
> answering queries.
>
> Charles
>
> --
> Charles Sprickman
> spork@inch.com
>
>
> On Sat, 27 Jul 2002, Johannes Ullrich wrote:
>
> >
> >
> > I do not recommend adding every IP listed at DShield to your filter.
> > We do publish a 'block list', of the worst networks (based on reports
> > for the last 5 days).
> >
> > Quick note on our methods: We basically aggregate firewall logs and
> > offer summarized reports. The reports should allow everyone to apply
> > their own judgment.
> >
> > For the block list:
> > http://www.dshield.org/block_list_info.html
> >
> >
> >
> > On Sat, 27 Jul 2002 20:19:47 -0400
> > "Phil Rosenthal" <pr@isprime.com> wrote:
> >
> > > I can comment on the dshield list.
> > > I have seen this before. I am checking one particular IP on my network
> > > that has a very popular freehost on it. Checking the load balancer IP
> > > (connections cannot be originated from this IP) -- it shows that there
> > > were 13 attacks initiated from the IP, and 7 targets. Whatever their
> > > algorithm is, it doesn't seem reliable enough for me to trust it if an
> > > IP that can not originate connections is listed as an attacker (albeit
> > > small on their list)
> > > --Phil
> > >
> > > -----Original Message-----
> > > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> > > alsato
> > > Sent: Saturday, July 27, 2002 8:08 PM
> > > To: nanog@merit.edu
> > > Subject: Bogon list or Dshield.org type list
> > >
> > >
> > >
> > > Im wondering how many of you use Bogon Lists and
> > > http://www.dshield.org/top10.html type lists on your routers? Im
> > > curious to know if you are an ISP with customers or backbone provider
> > > or someone else? I have a feeling not many people use these on routers?
> > > Im wondering why or why not?
> > > Ive never used them on my routers although I work for a new isp/cable
> > > provider. Im thinking it would make my users happy to use them though.
> > >
> > >
> > > alsato
> > >
> > >
> >
> >
> > --
> > ---------------------------------------------------------------
> > jullrich@sans.org Collaborative Intrusion Detection
> > join http://www.dshield.org
> >
>
>
