[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Compromised hosts lists

Subject: Re: [Full-disclosure] Compromised hosts lists
From: James Lay <jlay@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Feb 2006 07:09:58 -0700

On Mon, 20 Feb 2006 22:40:00 -0500
Valdis.Kletnieks@xxxxxx wrote:

> On Mon, 20 Feb 2006 16:55:06 MST, James Lay said:
> > I had heard tale of a site that had a semi-updated list of
> > compromised hosts.  I was hoping that someone knows that
> > link...would LOVE to be able to get my firewall to get this list
> > and auto-create an iptables rule.  Thanks all!
> 
> That's ass backwards.
> 
> The secure way to do this is to first deny *all* traffic, and then add
> specific rules for machines that you *do* want to talk to.
> 
> Think for a bit - if some random cablemodem in another timezone is on
> the list, why should you stop packets from it?  Why would you want to
> accept packets *before* it showed up on the list?  Why do you still
> want to accept packets from *other* boxes in the same /24 or /16?

I completely agree for ports that I would have closed, but obviously I
could not simply deny *all* traffic for port 25 and 80 let's say, as I
want them open to the public.

James
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Compromised hosts lists
  - From: Valdis . Kletnieks

References:
- [Full-disclosure] Compromised hosts lists
  - From: James Lay
- Re: [Full-disclosure] Compromised hosts lists
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Re: User Enumeration Flaw
Next by Date: [Full-disclosure] Compromised host list - some clarification...
Previous by thread: Re: [Full-disclosure] Compromised hosts lists
Next by thread: Re: [Full-disclosure] Compromised hosts lists
Index(es):
- Date
- Thread