[Gllug] Lists of bad IPs?
Alistair Mann
gllug at lgeezer.net
Sun Sep 14 23:04:23 UTC 2008
Richard Jones wrote:
> So ... What is the current state of databases of "bad" IPs? I'm aware
> of DenyHosts but they seem to concentrate on port 22, and in any case
> I'm suspicious of their policies for adding IPs and you can't just
> download the list.
Which would seem to make sense -- Alice would know instantly were one
her zombies on the list, and instruct it to forgoe attacks. When the
zombie came off the list, the attacks could then resume. This would give
her zombie an effective operational window the size and period of the IP
list update cycle. By not making the list downloadable, the zombie
cannot help but constantly reveal its presence, and thus give it no
operational period other than its first.
> Are there any others? Anyone yet doing a reputation / voting system
> for bad IPs, across a wide range of suspicious activity? What, if
> anything, are people using?
tail and -j DENY, personally. I'm not sure what I would do with a
blackhole of IP addresses ... I can imagine worst cases though. What if,
for instance, someone tried to access a domestic violence forum for
support from an unwittingly infected machine? Presumably you too would
err on the site of openness, and use some additional measure. But then,
why not just use the additional measure on its own, when the IP address
alone is not necessarily conclusive as to malintent? The so-called
reCaptcha is an interesting alternative measure -- catch the cheats and
digitise books all in one!
Cheers,
--
Alistair Mann
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list