compromised host list available

Folks,

I've developed a tool to pull together a bunch of information from DNSRBLs and mix it with a BGP feed, the result is that upon request I can generate a report of all the compromised hosts on your network as seen by various DNSRBLs.

Reports are available daily in PDF, text, CSV, and Excel. They are all a bit chunky but should be helpful.

Contact me off list if you would like to get a daily report for your ASN. You will be required to prove you are associated with and responsible for the ASN you want a report for.

The reports are free, so this isn't a commercial =) Honestly, I hope the stuff helps.

-rick
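
An added example, not part of the original post and not the announced tool's code: a minimal sketch of the correlation described above, joining DNSBL listings to origin ASNs by longest-prefix match. The zone names, prefixes, ASNs and DNSBL answers are constructed (documentation ranges), and a dictionary stands in for live DNS lookups.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: a tiny BGP table (prefix -> origin ASN, using
# documentation prefixes and ASNs) and DNSBL answers keyed by query name.
BGP_TABLE = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "198.51.100.128/25": 64498,   # more-specific route, different origin
}
DNSBL_ANSWERS = {                 # a 127.0.0.x answer means "listed"
    "10.2.0.192.bl-a.example": "127.0.0.2",
    "200.100.51.198.bl-a.example": "127.0.0.4",
    "200.100.51.198.bl-b.example": "127.0.0.2",
}

def dnsbl_qname(ip, zone):
    """IPv4 DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def origin_asn(ip, table=BGP_TABLE):
    """Longest-prefix match of ip against the table; None if unrouted."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(p) for p in table]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def build_report(ips, zones, answers=DNSBL_ANSWERS):
    """Map ASN -> list of (ip, zone, return code) for every listing seen."""
    report = defaultdict(list)
    for ip in ips:
        for zone in zones:
            code = answers.get(dnsbl_qname(ip, zone))  # None models NXDOMAIN
            if code and code.startswith("127."):
                report[origin_asn(ip)].append((ip, zone, code))
    return dict(report)

if __name__ == "__main__":
    candidates = ["192.0.2.10", "198.51.100.200", "198.51.100.5", "203.0.113.9"]
    for asn, rows in build_report(candidates, ["bl-a.example", "bl-b.example"]).items():
        for ip, zone, code in rows:
            print(f"AS{asn}: {ip} listed in {zone} ({code})")
```

Each row records only that an address is listed in a named zone with a given return code; the report carries the source of every claim so the recipient can weigh it.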

Unless you have personally verified each entry, you would do well to add
a disclaimer that DNSRBLs are not 100% reliable, eh?

> Folks,
>
> I've developed a tool to pull together a bunch of information from
> DNSRBLs and mix it with a BGP feed, the result is that upon request I
> can generate a report of all the compromised hosts on your network as
> seen by various DNSRBLs.

...

> Unless you have personally verified each entry, you would do well to add
> a disclaimer that DNSRBLs are not 100% reliable, eh?

Well there is that, but that should be implicit in pretty much every
report you get that $this or $that host is compromised. This is just a
convenient offering to say "someone out there thinks one of your
machines is holed. You might want to check that out." I'm good friends
with some fully-automated blackholing mechanisms, and even I'm not
crazy enough to just blackhole my own machines on someone else's
say-so.

CK

Unless I'm mistaken (and my first report hasn't arrived yet, so maybe I am) this is more of a "heads up! the following addresses within your network are listed on DNSBLs" than anything else.

I can't see why you'd add a disclaimer to a report like that.

Joe

...

> Unless I'm mistaken (and my first report hasn't arrived yet, so maybe I
> am) this is more of a "heads up! the following addresses within your
> network are listed on DNSBLs" than anything else.
>
> I can't see why you'd add a disclaimer to a report like that.

...

The announcement didn't state the intended use - which, given the
ingenuity of some, is most reasonable. But there are those who will
believe whatever they read, as long as it's in a report, and especially
if the report is automatically generated. Must be true, then, eh? A
report, eh? And done by one of them infallible computer dinguses, eh?

:wink: [in case anyone needed it]

I don't see why the reliability/reputation of a dnsbl changes the trueness
of "this host is listed in this dnsbl".

That is, I agree with Joe :slight_smile:

--- Joseph S D Yao <jsdy@center.osis.gov> wrote:

> Unless you have personally verified each entry, you would do well to add
> a disclaimer that DNSRBLs are not 100% reliable, eh?

And what on the net is? :slight_smile:
I’m all for people dealing with “badly managed” boxes at various levels.

While some data may be stale/wrong, and DNSRBL
isn’t the "perfect" mechanism to distribute this
information, it works "well enough".

The internet was built on the (well proven) theory that
things are unreliable, and we should do things that we think
will help get more uptime, UPSes, back up gen sets, HSRP,
alt-paths, alt-routes, back up data centers, etc.
All of which have at least one gotcha.

If you do not understand the limits of the tools
that you are using, you might be a windows admin
(if "fsck -y" describes how you deal with relationship issues
you might be a unix admin :slight_smile:), or you just can’t be bothered.

More tools and information are a good thing,
but how/where you choose to use a sawzall is up to you.
http://www.milwaukeetool.com/us/en/news.nsf/vwFeaturedProducts/4CBA61C6E299F75D86256FEB0072211D?OpenDocument

The packets that you allow across YOUR
slice of the net are also up to you.

I believe that this tool is best used as an "outsiders view" into
your space to see what is going on _inside your network_ ,
based on the behavior observed by others. (hey rick, can you do a
tool like this to help us (well me) with social skills?)

If you’re the kind of person who complies when someone says
"go BLEEP yourself" perhaps the internet is not a place for you,
And perhaps blindly following the info that any tool gives out
is not the best thing for you or your network.
Use your brain, not just the tool.

Missing the days of John Postel
http://www.usc.edu/webcast/events/postel/
http://www.isoc.org/postel/
-charles

http://www.catb.org/~esr/faqs/smart-questions.html

...

> I don't see why the reliability/reputation of a dnsbl changes the trueness
> of "this host is listed in this dnsbl".

That is, of course, all that the report says [per the announcement].
But who knows how it might be interpreted, especially by PHBs? ;-]

> That is, I agree with Joe :slight_smile:

O K .

...

> More tools and information are a good thing,
> but how/where you choose to use a sawzall is up to you.
> http://www.milwaukeetool.com/us/en/news.nsf/vwFeaturedProducts/4CBA61C6E299F75D86256FEB0072211D?OpenDocument

Yes, but I usually make sure that the safety attachments on my sawzall
and other saws are well fastened on, and the saws fastened down in the
correct compartment of my ladder truck. :wink:

...

> If you're the kind of person who complies when someone says
> "go BLEEP yourself" perhaps the internet is not a place for you,
> And perhaps blindly following the info that any tool gives out
> is not the best thing for you or your network.
> Use your brain, not just the tool.

...

There's more than just knowledgeable folks out there, these days!

> Missing the days of John Postel

Aren't we all.

> The announcement didn't state the intended use - which, given the
> ingenuity of some, is most reasonable. But there are those who will
> believe whatever they read, as long as it's in a report, and especially
> if the report is automatically generated. Must be true, then, eh? A
> report, eh? And done by one of them infallible computer dinguses, eh?

did you receive or read it on the net? if so, question it. if you
are a fool, you'll ignore any warnings.

just gimme the list please

randy