Block Top 10 Source IPs

Discussion in 'other security issues & news' started by Dazed_and_Confused, Jul 4, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined: Mar 4, 2004
    Posts: 1,831
    Location: USA
    The Internet Storm Center regularly tracks the most prevalent attacks and the source IPs. Would anyone agree it's reasonable prevention to block these IP addresses using one's firewall?
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined: Feb 9, 2002
    Posts: 2,428
    Location: BC, Canada
    Your firewall should be blocking these unsolicited inbounds already, any particular reason for creating specific rules? No logging? Restricting outbound to these IPs?

    Regards,

    CrazyM
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Understood, Crazy. You're right that I've got plenty of anti-malware tools. However, just because one has an AV doesn't always mean they won't get sick with a virus. So I was thinking if these were IP addresses of the bad guys, why not block them as an additional precaution. I'm just asking. :(
     
  4. CrazyM

    CrazyM Firewall Expert

    Some could be IPs of the culprits, most are probably just compromised systems.

    If just making sure these inbound scans are blocked is your objective, then I do not feel adding such a list would be of benefit, only add unnecessary clutter to your firewall rule set. There would also be the matter of maintenance, that ISC top ten likely changes hourly, let alone daily, weekly, monthly. How would you maintain this?

    My preference has always been to keep the firewall rule set as small and manageable as possible, focussing on permit rules, let firewall deny everything else not allowed. That is just my approach, everyone has their own ;)

    Never any harm in asking :)

    Regards,

    CrazyM
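
An added illustration of the point in the post above (not code from the thread or from any firewall product): a toy first-match rule evaluator that reports which block-list rules never change the verdict for unsolicited inbound packets. The rule model, the sample addresses (documentation ranges) and the port list are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network, CIDR
    port: Optional[int] = None   # destination port; None matches any
    state: str = "any"           # "new", "established" or "any"

def verdict(rules, src_ip, port, state):
    """First matching rule wins; unmatched traffic hits the default deny."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (addr in ipaddress.ip_network(r.src)
                and r.port in (None, port)
                and r.state in ("any", state)):
            return r.action
    return "deny"

def redundant_denies(rules, ports):
    """Deny rules whose removal changes no verdict for new (unsolicited) inbound."""
    found = []
    for i, r in enumerate(rules):
        if r.action != "deny":
            continue
        rest = rules[:i] + rules[i + 1:]
        src = str(ipaddress.ip_network(r.src).network_address)  # /32 entries
        if all(verdict(rules, src, p, "new") == verdict(rest, src, p, "new")
               for p in ports):
            found.append(r)
    return found

# Constructed sample data: documentation-range addresses stand in for a "top 10" list.
BLOCKLIST = [Rule("deny", ip + "/32") for ip in
             ("192.0.2.10", "198.51.100.7", "203.0.113.99")]
PERMIT_ONLY = [Rule("permit", "0.0.0.0/0", state="established"),    # replies to own traffic
               Rule("permit", "10.0.0.0/8", port=22, state="new")]  # LAN admin access
PORTS = (22, 80, 135, 445, 3389)

HOME = BLOCKLIST + PERMIT_ONLY
# Variant that deliberately exposes a service to everyone (assumption, not from the thread).
EXPOSED = BLOCKLIST + PERMIT_ONLY + [Rule("permit", "0.0.0.0/0", port=80, state="new")]

if __name__ == "__main__":
    print("home:", len(redundant_denies(HOME, PORTS)), "of", len(BLOCKLIST), "block rules redundant")
    print("exposed:", len(redundant_denies(EXPOSED, PORTS)), "of", len(BLOCKLIST), "block rules redundant")
```

With the permit-only rule set all three block rules are redundant; they only change a verdict once a port is opened to every source, as in the `EXPOSED` variant.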
     
  5. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Good points, CrazyM. Thanks for the feedback! :)
     