From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
To: "Dave Täht" <dave@taht.net>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] router hardening
Date: Tue, 19 Jan 2016 09:29:05 +0000 [thread overview]
Message-ID: <CANmMgnFMUtx17Q_Tn42H=QKX0rC3q5KbsnCDkVub9jkCnBM1qA@mail.gmail.com> (raw)
In-Reply-To: <569D3078.7050605@taht.net>
On 18/01/2016, Dave Täht <dave@taht.net> wrote:
> One of my issues with blindly applying techniques to block certain IPs
> is trusting the sources of the data - many people have ended up on a
> blocklist that shouldn't have.
>
> That said, ipset is so effective and so scalable, that perhaps deploying
> this by default
>
> http://www.linuxjournal.com/content/server-hardening?page=0,1
>
> would be a good idea.
>
> Are there any more ipv6 specific blocklists out there?
Note the RBN list it links to says it's obsolete for 2 years. (Other
Emerging Threat lists are available, as transparent aggregation of a
very small number of trusted sources. Still useful but rather less
ambitious. Unfortunately the documentation still describes the
obsolete lists. Maybe somewhere else is more active).
It sounds like one needs a list to stay up to date on which blocklists
to use :).
Alan
prev parent reply other threads:[~2016-01-19 9:29 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-18 18:35 Dave Täht
2016-01-19 9:29 ` Alan Jenkins [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANmMgnFMUtx17Q_Tn42H=QKX0rC3q5KbsnCDkVub9jkCnBM1qA@mail.gmail.com' \
--to=alan.christopher.jenkins@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=dave@taht.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox