On Sun, 27 Jan 2008 12:21:27 PST, "Tomas L. Byrnes" said:
I'm the CTO and founder of ThreatSTOP (www.threatstop.com), and we're currently propagating the DShield, and some other, block lists for use in firewalls. I'm interested in gathering additional threat information, and serving additional communities.
Is there any interest in a collaborative platform where anonymized candidates for blocking would be submitted by a trusted group, and then propagated out to the whole group?
http://www.ranum.com/security/computer_security/editorials/dumb/ This illustrates dumb idea #2. Explain to me how you intend to enumerate enough of the "bad" hosts out there that such a blocklist would help, while still having it small enough that you don't blow out the RAM on whatever device you're installing it on. Have you *tested* whatever iptables/ipf/ACL for proper operation with 10 million entries?