On Thu, Jul 06, 2000 at 07:35:19PM -0400, Mark Mentovai wrote:
If break-ins are what you're trying to avoid, a blacklist would be a terrible idea. The proper way to prevent break-ins is not to block communications with certain sites, but to fix broken software and poorly configured systems so that any break-in attempts will be unsuccessful. A blacklist would only encourage your would-be attacker to employ additional intermediaries, thereby potentially causing more damage for more people while making the ultimate source more difficult to trace.
If your attacker is somebody who decided he wanted in your site no matter what, and is engaged in a concerted attack on specifically you, that might be true. If your attacker is Joe Random Script Kiddie, who spotted you running Vulnerability Of the Week and is trying the few exploits he could get to compile, you're wrong. The most effective anti-hacking measure I ever undertook was blocking the entire .kr domain in hosts.deny. It cut attempts by more than 50%. (Before anybody jumps on me, the network in question had no users with a legitimate need to connect from Korea, and your mileage almost assuredly varies.)