[nsp-sec] IMPORTANT: DDoS-RS Reminders
SURFcert - Peter
p.g.m.peters at utwente.nl
Mon Dec 13 07:25:15 EST 2010
Huopio Kauto wrote on 2010-12-13 10:11:
> ----------- nsp-security Confidential --------
>
>> The text feed provides a large amount of information about these hosts,
>> including what we call the "services bit", a flag indicating whether or
>> not non-IRC services are known to exist on a host. These are usually web
>> services. The BGP feed, of course, cannot provide all of this information,
>> it is simply a list of /32s provided via eBGP. It is important to note,
>> though, that any hosts with the services bit set (ie, hosts with non-IRC
>> services on them) are NOT advertised via the BGP feed - consumers of the
>> DDoS-RS will have to use the text feed if they wish to take action on
>> hosts with the services bit set, as we feel the more conservative policy
>> is best on the BGP feed.
> Now the tricky bit here: if an IRC server is used for C&C activity
> _and_ as a discussion forum for a whatever group/groups, what are the
> criteria to list or not to list?
Regarding this I have complaints from a customer who is claiming the IRC
servers he is using are legitimate. He was blocked because his computer
contacted them. The servers in question are 173.192.206.141 and
178.63.172.193.
--
Peter Peters /------\ SURFnet bv
SURFcert | SURF | cert.surfnet.nl
cert at surfnet.nl \-----\ \-----\ Postbus 19035
PGP Key ID 0x5A52C966 | CERT | NL-3501 DA Utrecht
+31 30 2305 305 \------/ fax: +31 30 2305 329