[82541] in North American Network Operators' Group
Re: compromized host list available
daemon@ATHENA.MIT.EDU (Chris Kuethe)
Thu Jul 21 12:28:59 2005
Date: Thu, 21 Jul 2005 10:28:08 -0600
From: Chris Kuethe <chris.kuethe@gmail.com>
Reply-To: Chris Kuethe <chris.kuethe@gmail.com>
To: Rick Wesson <wessorh@ar.com>, nanog@merit.edu
In-Reply-To: <20050721160231.GA609@core.center.osis.gov>
Errors-To: owner-nanog@merit.edu
On 7/21/05, Joseph S D Yao <jsdy@center.osis.gov> wrote:
>=20
> On Wed, Jul 20, 2005 at 04:32:09PM -0700, Rick Wesson wrote:
> > Folks,
> >
> > I've developed a tool to pull together a bunch of information from
> > DNSRBLs and mix it with a BGP feed, the result is that upon request I
> > can generate a report of all the compromised hosts on your network as
> > seen by various DNSRBLs.
...
> Unless you have personally verified each entry, you would do well to add
> a disclaimer that DNSRBLs are not 100% reliable, eh?
Well there is that, but that should be implicit in pretty much every
report you get that $this or $that host is compromised. This is just a
convenient offering to say "someone out there thinks one of your
machines is holed. You might want to check that out." I'm good friends
with some fully-automated blackholing mechanisms, and even I'm not
crazy enough to just blackhole my own machines on someone else's
say-so.
CK
--=20
GDB has a 'break' feature; why doesn't it have 'fix' too?
