March 22nd, 2005, 03:43 AM
#11
Hi frpeter...interesting post and thread. It makes for good conversation...
1. Why then is a blanket block on unresolvable IP addresses becoming increasingly popular?
Where are you getting your information? I'm not familiar with this being a regular practice, but consider it more of an extreme solution to a problem. Kind of like hitting a nail with a thermonuclear warhead.
2. Any opinions as to why ISPs and the like do not at least use a resolvable in.arpa reverse resolution? Especially considering that large blocks can be written out with a simple bash script?
Hard to say. Some government systems may intentionally not resolve. Also, and I don't know the regulations over this, but many agencies may intentionally not reverse their IPs for the purpose of client privacy and such. Hard to say.
I think it comes down to this...blocking unresolvable IPs is an option. So is instituting a white-list, black-list, ACL, etc. But just because some folks consider it an acceptable solution for THEIR situation (and maybe these folks are championing their position for whatever reason) doesn't make it a panacea for YOUR situation. I would certainly consider it a valid option if you had a limited audience for the services being presented.
For example, my client has an external FTP server specifically for business partners to push and pull (encrypted) data files through. There is a short list of partners who would use this. If we began to see suspicious activity, recon or probe attempts, etc., then instituting a policy like this would probably be a good initial step. Certainly not a complete response, and you have to be mindful of clients being cut off...but it's an option.
Personally, I think I have better ways to spend my time and energy actually solving the problem. My $0.02.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
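An added example, not part of the original post or thread: a dry run that reports what a "block sources with no reverse DNS" rule would do to a partner-only FTP server before it is enforced, including partners it would cut off. The partner ranges, source addresses and the `fake_lookup` resolver are constructed sample data (documentation address space) so the script runs offline.

```python
import ipaddress
import socket
from collections import Counter

# Constructed sample data: partner ranges and source IPs seen in an FTP log.
PARTNER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.16/29")]
SAMPLE_SOURCES = ["192.0.2.5", "192.0.2.5", "198.51.100.20", "203.0.113.77", "203.0.113.9"]

def has_ptr(ip, lookup=socket.gethostbyaddr):
    """True if the address has a reverse (PTR) name; `lookup` is injectable."""
    try:
        lookup(ip)
        return True
    except (socket.herror, socket.gaierror):
        return False

def is_partner(ip, nets=PARTNER_NETS):
    """True if the address falls inside one of the partner ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def dry_run(sources, lookup=socket.gethostbyaddr):
    """Classify each source under a 'drop if no PTR' rule without blocking anything."""
    report = {"partners_cut_off": [], "strangers_blocked": [], "strangers_still_allowed": []}
    for ip, hits in sorted(Counter(sources).items()):
        resolvable = has_ptr(ip, lookup)
        if is_partner(ip):
            if not resolvable:
                report["partners_cut_off"].append((ip, hits))
        elif resolvable:
            report["strangers_still_allowed"].append((ip, hits))
        else:
            report["strangers_blocked"].append((ip, hits))
    return report

# Constructed stand-in for DNS: only these two addresses have PTR records.
FAKE_PTR = {"192.0.2.5": "ftp-gw.partner-a.example", "203.0.113.9": "host9.isp.example"}

def fake_lookup(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return (FAKE_PTR[ip], [], [ip])

if __name__ == "__main__":
    for bucket, rows in dry_run(SAMPLE_SOURCES, fake_lookup).items():
        print(bucket, rows)
```

On the sample data the rule cuts off one partner and still admits a non-partner address that happens to resolve, which is the trade-off the post describes when comparing it with a white-list or ACL.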