Comments on: Blacklist for worm infected machines

by: Michel Arboi

Fri, 10 Jun 2005 23:45:55 +0000

AFAIK, Spamhaus XBL includes this. http://www.spamhaus.org/xbl/index.lasso
Other services like DShield or MyNetWatchMan may be helpful too.

by: Administrator

Thu, 09 Jun 2005 21:58:57 +0000

I can collect info like that, possibly. It depends what criteria you need fulfilled to include them. I’ll contact you.

by: Brian Bruns

Thu, 09 Jun 2005 21:56:52 +0000

My DNSbl (the AHBL - http://www.ahbl.org ) does accept submissions like this.

Contact me if you have lists of infected machines, and I’ll tell you what I need to get them added to the dnsbl and ircbl.

by: Dougal Campbell

Thu, 09 Jun 2005 21:26:21 +0000

It seems like I did run across a reference to a blacklist like that a couple of weeks ago. I’m about to shut my computer down, but I’ll try see if I can find it again later….

by: Brian

Thu, 09 Jun 2005 19:23:48 +0000

On my home server, I use a wonderful tool called Portsentry. If someone tries to connect to a closed port more than a couple times, they get blocked in iptables or ipchains or /etc/hosts.deny

http://sourceforge.net/projects/sentrytools

by: Administrator

Thu, 09 Jun 2005 19:07:52 +0000

I was thinking more of a blacklist with some clout, but the BISS site is excellent in its own right. Thanks! It’s sort of a blacklist for personal use. They provide a HOSTS file that includes spyware and ads servers, routing them to localhost so you won’t see their crap.

by: Tristor

Thu, 09 Jun 2005 18:44:38 +0000

I remember seeing something like this somewhere. I think it may have been one of the blocklists that B.I.S.S. hosts. Bluetack Internet Security Solutions

I was thinking that it was one of those blocklists that included known trojaned/wormed boxes that were trying to spread themselves to others. But I can’t be sure, wouldn’t hurt to check it out.