> Are you willing to communicate with address blocks that have a > report-handling policy like this one? No, they are null-routed here (based on our own experiences, and not necessarily on unconfirmed reports on a list such as this). We typically inform the parent ISP's noc of this decision. > Do you know of a blacklist for documented networks with bad network > abuse handling policies aka. hacker friendly. http://www.rfc-ignorant.org/ lists networks that don't maintain the required abuse address, fwiw. I think that a blacklist for such networks is not a bad idea, if it can be objectively maintained in some way. In fact, I'd go beyond this and say it might be time to come up with a BGP-based blacklist (null /32's?) tied into an IDS (preferably on a network that doesn't have any real hosts, to minimize false positives, and with a timeout for entries so that infected hosts which are later cleaned aren't permanently penalized). Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 13:04:09 PST