Full Disclosure: Re: Compromised hosts lists

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Compromised hosts lists

From: Valdis.Kletnieks () vt edu
Date: Mon, 20 Feb 2006 22:40:00 -0500

On Mon, 20 Feb 2006 16:55:06 MST, James Lay said:

I had heard tale of a site that had a semi-updated list of compromised
hosts.  I was hoping that someone knows that link...would LOVE to be
able to get my firewall to get this list and auto-create an iptables
rule.  Thanks all!


That's ass backwards.

The secure way to do this is to first deny *all* traffic, and then add
specific rules for machines that you *do* want to talk to.

Think for a bit - if some random cablemodem in another timezone is on the list,
why should you stop packets from it?  Why would you want to accept packets
*before* it showed up on the list?  Why do you still want to accept packets
from *other* boxes in the same /24 or /16?

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Compromised hosts lists James Lay (Feb 20)
- Re: Compromised hosts lists Jason Coombs (Feb 20)
- Re: Compromised hosts lists Gadi Evron (Feb 20)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 20)
  - Re: Compromised hosts lists James Lay (Feb 21)
    - Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
  - Re: Compromised hosts lists Frank Knobbe (Feb 21)
    - Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- <Possible follow-ups>
- Re: Compromised hosts lists security czar (Feb 22)