[Cerowrt-devel] router hardening

[Cerowrt-devel] router hardening

[Dave Täht]

One of my issues with blindly applying techniques to block certain IPs
is trusting the sources of the data - many people have ended up on a
blocklist that shouldn't have.

That said, ipset is so effective and so scalable, that perhaps deploying
this by default

http://www.linuxjournal.com/content/server-hardening?page=0,1

would be a good idea.

Are there any more ipv6 specific blocklists out there?

Re: [Cerowrt-devel] router hardening

[Alan Jenkins]

On 18/01/2016, Dave Täht <dave@taht.net> wrote:
> One of my issues with blindly applying techniques to block certain IPs
> is trusting the sources of the data - many people have ended up on a
> blocklist that shouldn't have.
>
> That said, ipset is so effective and so scalable, that perhaps deploying
> this by default
>
> http://www.linuxjournal.com/content/server-hardening?page=0,1
>
> would be a good idea.
>
> Are there any more ipv6 specific blocklists out there?

Note the RBN list it links to says it's obsolete for 2 years.  (Other
Emerging Threat lists are available, as transparent aggregation of a
very small number of trusted sources.  Still useful but rather less
ambitious.  Unfortunately the documentation still describes the
obsolete lists.  Maybe somewhere else is more active).

It sounds like one needs a list to stay up to date on which blocklists
to use :).

Alan