To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Quoting Peter Blair <[EMAIL PROTECTED]>:
> At 21 September, 2007 Jonathan Yarden wrote: >> Although this seems to be yet another conspiracy theorist hard at work, >> there are some interesting issues raised. Not the least of which is why is >> it that network equipment manufacturers are still doing static rule-based >> access control when clearly a distributed approach could be easily done? >> After all, what is an RBL but a DNS-based distributed access list? >> >> Granted, while I don't work for a transit carrier and manage a mere OC-3 >> worth of data to a few thousand end-users, it would be nice to have an >> IP-granular "kill-switch" system that I could use to signal an upstream >> router to stop sending data from a network or ASN because it's causing me >> problems. I can do it already at the host level with a system I fudged >> together, but the data still comes into my network before I can drop it. > Off hand, does anyone maintain a list of vendors/network-devices that > support anything simillar to the drop-project? (Other than what is > listed on the site to fudge cisco into using it) > > http://www.spamhaus.org/drop/ I run the autoshun project. www.autoshun.org. we are a coalition of IDS administrators who share our data in real time and combine the results. Plus we can automatically push realtime updates (shuns) to firewalls and routers. For anybody who wants to use the shunlist, it is provided on a daily update in CSV and HTML. It is controversial and always triggers a flame war (IDS vs IPS; shunning in general; or whatever). personally, I think the numbers indicate that the autoshun algorithms work very well. but them I'm totally biased. It really is a distributed IPS, where we can even pick up fragments of an attack at one sensor, then correlate another fragment from a different location, thereby reducing the ability of malware to fly under-the-radar. ------------------------------------------------- Email solutions, MS Exchange alternatives and extrication, security services, systems integration. Contact: [EMAIL PROTECTED] _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
