mailing list archives
Re: Compromised hosts lists
From: Valdis.Kletnieks () vt edu
Date: Mon, 20 Feb 2006 22:40:00 -0500
On Mon, 20 Feb 2006 16:55:06 MST, James Lay said:
I had heard tale of a site that had a semi-updated list of compromised
hosts. I was hoping that someone knows that link...would LOVE to be
able to get my firewall to get this list and auto-create an iptables
rule. Thanks all!
That's ass backwards.
The secure way to do this is to first deny *all* traffic, and then add
specific rules for machines that you *do* want to talk to.
Think for a bit - if some random cablemodem in another timezone is on the list,
why should you stop packets from it? Why would you want to accept packets
*before* it showed up on the list? Why do you still want to accept packets
from *other* boxes in the same /24 or /16?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/