[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Using DShield.org Block list (Raq 550) iptables

Subject: [cobalt-security] Using DShield.org Block list (Raq 550) iptables
From: "Matthew Goade" <mgoade@xxxxxxxxxx>
Date: Thu, 22 May 2003 11:23:39 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,
I'm trying to use the get_block.pl script to implement the recommended block
list generated by DShield.org.

Upon executing the script I get
# ./get_block.pl
Retrieve block list...
Retrieve block list signature...
Use of uninitialized value in concatenation (.) at ./get_block.pl line 69.
Check signature...
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

Cleanup iptable 'blocklist'...
iptables: Chain already exists
Populate blocklist...
Apparently... done.

If I now do
#iptables -L

Chain blocklist (0 references)
target     prot opt source               destination
DROP       all  --  218.80.60.0/24       anywhere
DROP       all  --  209.225.31.0/24      anywhere
DROP       all  --  YahooBB219033066000.bbtec.net/24  anywhere
DROP       all  --  65.242.241.0/24      anywhere
DROP       all  --  192.117.116.0/24     anywhere
DROP       all  --  q000.spacelan.ne.jp/24  anywhere
DROP       all  --  218.102.92.0/24      anywhere
DROP       all  --  151.155.152.0/24     anywhere
DROP       all  --  194.149.133.0/24     anywhere
DROP       all  --  216.12.65.0/24       anywhere
DROP       all  --  210.85.211.0/24      anywhere
DROP       all  --  YahooBB219174076000.bbtec.net/24  anywhere
DROP       all  --  202.101.236.0/24     anywhere
DROP       all  --  24.65.26.0/24        anywhere
DROP       all  --  204.196.19.0/24      anywhere
DROP       all  --  YahooBB219002052000.bbtec.net/24  anywhere
DROP       all  --  c-24-118-211-0.mn.client2.attbi.com/24  anywhere
DROP       all  --  218.21.140.0/24      anywhere
DROP       all  --  208.163.141.0/24     anywhere
DROP       all  --  216.25.171.0/24      anywhere
RETURN     all  --  anywhere             anywhere


Good, looks like it's working. My question is, is there any further tuning I
should do to make get_block.pl complain less? Is anyone else using this? All
comments welcome!

Thank you all.

Prev by Date: RE: [cobalt-security] Backup Raq 500
Next by Date: Re: [cobalt-security] Sun's Killing off the Cobalt Appliance Family...
Previous by thread: RE: [cobalt-security] Backup Raq 500
Next by thread: [cobalt-security] SSL on Cobalt Qube3

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index