[geeks] .hk, .cn, .info considered harmful
Phil Stracchino
alaric at metrocast.net
Thu Jun 5 13:36:21 CDT 2008
Mike Meredith wrote:
> On Thu, 05 Jun 2008 08:32:19 -0400, Phil Stracchino wrote:
>> Everyone's probably seen the report by now, citing that in these three
>> worst TLDs, as many as one site in ten carries a payload of malware.
>> So, since the kids aren't good at paying attention to such things, I
>> decided in the interest of safety to block all traffic to and from
>> those TLDs at the firewall.
>
> Is this web traffic?
The survey related to web traffic, yes. But I'm tired of blocking first
email, then web, then ... I want to just blackhole them, period. And
that's what I've now done.
> This seems like more work (set up a proxy, configure clients
> (automatically via dhcp), block unproxied web traffic), but may save
> work in the long run. Populating a firewall ruleset with netblocks that
> constantly change is a lot of work.
Well, yeah. There will be netmap maintenance involved.
> As to the 'firewall' route, one hypothetical method would be to obtain
> a full BGP feed and route all addresses with an ASN owned by China
> to /dev/null. No idea how feasible that would be though.
There is that. Right now, I'm not doing BGP.
--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.