Re: [Full-disclosure] Compromised host list - some clarification...



On Tue, 21 Feb 2006 16:03:56 +0000
"Robert P. McKenzie" <rmckenzi@xxxxxxxxx> wrote:

> James Lay wrote:
>> So ok.....I'm completely positive I didn't make myself clear at all
>> in my previous message...go me! Here's a web site that I did
>> manage to find that has a current list of open proxies:
>>
>> http://www.samair.ru/proxy/index.htm
>>
>> My hope is that I could find a site that has a list of currently
>> reported open proxies, scanners, and ssh brute force boxes. The
>> RBLs pretty much have smtp covered. I would run a cron job at
>> midnight, wget and grep the file, then create an iptables table to
>> block those hosts. This is an attempt to be more proactive than
>> reactive...if I knew those hosts that were actively doing naughty
>> things, why not block them at the get go?
>>
>> Does this make sense? Am I barking up the wrong tree? Thanks all
>> =)
>
> It's clear; however, as others have pointed out, it's far easier to
> block everything and then selectively allow what you want to talk to
> you. How do you think iptables will react if you have say 20,000
> entries in it? My guess is it will slow your machines down.
>
> Go the sensible route and block everything and permit the much
> smaller list of hosts to connect to you.


Robert,

I do understand this; however, this would not fit well for services that
are for public use, i.e. web or email; I could not simply deny
everyone. But for ports that I do NOT want the public to see, you
bet...block all is the way to go. Thank you!

James
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
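
The midnight wget/grep/iptables job described in the thread, sketched as an added example (not code from any poster): it keeps only well-formed public IPv4 addresses from the fetched file and emits iptables-restore input for one dedicated chain, so a malformed or hostile list cannot inject rules or block loopback and LAN ranges. The chain name BLOCKLIST, the MAX_ENTRIES cap and the sample list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. CHAIN and MAX_ENTRIES are assumed values.
CHAIN="BLOCKLIST"
MAX_ENTRIES=20000

# Print unique, well-formed, publicly routable IPv4 addresses from stdin.
# Accepts "a.b.c.d" or "a.b.c.d:port" in the first field; drops everything else.
extract_ips() {
    awk '{
        ip = $1
        sub(/:[0-9]+$/, "", ip)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255 || o[i] ~ /^0[0-9]/) next
        a = o[1] + 0; b = o[2] + 0
        # Never block loopback, RFC 1918, link-local, multicast or reserved space.
        if (a == 0 || a == 10 || a == 127 || a >= 224) next
        if (a == 169 && b == 254) next
        if (a == 172 && b >= 16 && b <= 31) next
        if (a == 192 && b == 168) next
        if (!seen[ip]++) print ip
    }'
}

# Emit iptables-restore input that rebuilds only $CHAIN from the list on stdin.
# Returns 1 without output if the list is empty or larger than MAX_ENTRIES.
build_ruleset() {
    ips=$(extract_ips)
    [ -n "$ips" ] || return 1
    count=$(printf '%s\n' "$ips" | grep -c .)
    [ "$count" -le "$MAX_ENTRIES" ] || return 1
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    printf '%s\n' "$ips" | sed "s/^/-A $CHAIN -s /; s/\$/ -j DROP/"
    printf 'COMMIT\n'
}

# Constructed sample standing in for the downloaded file.
sample_list() {
    cat <<'EOF'
203.0.113.7:8080
203.0.113.7:3128
198.51.100.22
127.0.0.1
192.168.1.1:80
999.1.1.1
198.51.100.23; iptables -F
<td>not an address</td>
EOF
}

sample_list | build_ruleset
# On a real host, as root:  build_ruleset < list.txt | iptables-restore --noflush
# and once beforehand:      iptables -N BLOCKLIST; iptables -I INPUT -j BLOCKLIST
```

The rules still sit in a linear chain, so the cap bounds the per-packet cost raised in the reply rather than removing it.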


