On Tue, 21 Feb 2006 16:03:56 +0000 "Robert P. McKenzie" <[EMAIL PROTECTED]> wrote:
> James Lay wrote:
> > So ok.....I'm completely positive I didn't make myself clear at all
> > in my previous message...go me! Here's a web site that I did
> > manage to find that has a current list of open proxies:
> >
> > http://www.samair.ru/proxy/index.htm
> >
> > My hope is that I could find a site that has a list of currently
> > reported open proxies, scanners, and ssh brute force boxes. The
> > RBLs pretty much have smtp covered. I would run a cron job at
> > midnight, wget and grep the file, then create an iptables table to
> > block those hosts. This is an attempt to be more proactive than
> > reactive...if I knew those hosts that were actively doing naughty
> > things, why not block them at the get go?
> >
> > Does this make sense? Am I barking up the wrong tree? Thanks all
> > =)
>
> It's clear, however, as others have pointed out it's far easier to
> block everything and then selectively allow what you want to talk to
> you. How do you think iptables will react if you have say 20,000
> entries in it? My guess is it will slow your machines down.
>
> Go the sensible route and block everything and permit the much
> smaller list of hosts to connect to you.

Robert, I do understand this; however, this would not fit well for services that are for public use, i.e. web or email, where I could not simply deny everyone. But for ports that I do NOT want the public to see, you bet...block all is the way to go.

Thank you!

James

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
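As an added example (not code from the thread or from either poster), here is a POSIX shell sketch of the cron-job approach James describes: take a fetched list, keep only well-formed IPv4 addresses, and emit rules for a dedicated iptables chain. The list below is constructed sample input, and the iptables commands are printed as a dry run for review rather than executed.

```shell
#!/bin/sh
# Constructed sample of what a wget'd proxy/scanner list might contain
# (not real data). Real lists mix addresses with ports, comments and noise.
SAMPLE_LIST='# constructed sample, not real hosts
192.0.2.10:8080
192.0.2.11
198.51.100.5:3128 anonymous
garbage-line
256.1.1.1
10.0.0.1; rm -rf /
192.0.2.10:8080
'

# Read a list on stdin and print one validated, deduplicated IPv4 per line.
# First field only, strip a trailing :port, require a strict dotted quad
# with every octet < 256. Anything else from the fetched page is dropped,
# never interpolated into a command line.
extract_ips() {
    awk '{ sub(/:[0-9]+$/, "", $1); print $1 }' \
    | grep -Ex '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | awk -F. '$1 < 256 && $2 < 256 && $3 < 256 && $4 < 256' \
    | sort -u
}

# Dry run: print the iptables commands that would (re)build a dedicated
# chain from the list on stdin. INPUT gets a single jump into the chain,
# so refreshing the list only touches the chain, not the rest of the policy.
build_rules() {
    chain="$1"
    printf 'iptables -N %s 2>/dev/null\n' "$chain"
    printf 'iptables -F %s\n' "$chain"
    extract_ips | while read -r ip; do
        printf 'iptables -A %s -s %s -j DROP\n' "$chain" "$ip"
    done
    printf 'iptables -C INPUT -j %s 2>/dev/null || iptables -I INPUT -j %s\n' \
        "$chain" "$chain"
}

# Number of valid, unique addresses in the constructed sample.
count_sample_ips() {
    printf '%s' "$SAMPLE_LIST" | extract_ips | wc -l | tr -d ' '
}

# Usage (dry run): printf '%s' "$SAMPLE_LIST" | build_rules badhosts
```

On Robert's point about 20,000 entries: a chain of that size is walked linearly for every packet, so at that scale the chain would be replaced by an ipset (hash:ip) matched by one rule, which is not something the thread discusses.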
