[Cerowrt-devel] router hardening
Alan Jenkins
alan.christopher.jenkins at gmail.com
Tue Jan 19 04:29:05 EST 2016
On 18/01/2016, Dave Täht <dave at taht.net> wrote:
> One of my issues with blindly applying techniques to block certain IPs
> is trusting the sources of the data - many people have ended up on a
> blocklist that shouldn't have.
>
> That said, ipset is so effective and so scalable, that perhaps deploying
> this by default
>
> http://www.linuxjournal.com/content/server-hardening?page=0,1
>
> would be a good idea.
>
> Are there any more ipv6 specific blocklists out there?
Note the RBN list it links to says it's obsolete for 2 years. (Other
Emerging Threat lists are available, as transparent aggregation of a
very small number of trusted sources. Still useful but rather less
ambitious. Unfortunately the documentation still describes the
obsolete lists. Maybe somewhere else is more active).
It sounds like one needs a list to stay up to date on which blocklists
to use :).
Alan
More information about the Cerowrt-devel
mailing list