On Apr 8, 2010, at 8:05 PM, Brielle Bruns wrote:
Since there's been alot of requests for the ACLs, i've gone ahead and put the info on our wiki for easy access.
http://wiki.sosdg.org/sosdg:internal:chinafilter
Hope it comes in handy, and please let me know if i'm missing anything.
If you're going to post this and folks are actually going to consider employing it I suspect it'd be well worthwhile to include on that page how you generated it and how you keep it updated -- so that it can be updated by others as necessary. Additionally, folks should note that this policy would have made zero difference in this particularly incident, most of you likely realize that. Furthermore, a policy such as this does nothing to mitigate exfiltration of data TO those address blocks you've listed. FWIW, this is a lot like putting a bandaid on a headache - it's not going to do much good in reality, and likely cause more harm than good in properly secured networks - but it might make some folks feel a little better. -danny