+ From: ericw @ fx . com (Eric Wedaa)
+ Message-Id: <9408242122 . AA24548 @ fxgrp . fx . com>
+ To: firewalls @ GreatCircle . COM
+ Subject: Hacker's Site list
+ There seems to be a large interest in this issue (15 responses in less
+ than 24 hours). I assume that represents a larger group of people
+ who would like to see such a list, but declined to respond to email.
+ I guess this brings up the following questions:
+ How is the list formatted?
+ How do sites get on/off the list?
+ Where will the list be stored? (Not on my machine!;-)
+ I would like to suggest the following format (To be condensed and
+ abbreviated later)
+ Site Name  | Site type | # of complaints | Date of last | Probe types | Comments
+            |           | received by me  | complaint    |             |
+ -----------|-----------|-----------------|--------------|-------------|---------
+ netcom.com | Pub Acc.  | 3               | 8/24/94      | sendmail    | Very aggressive against crackers/SLIP lines
+ Site types:
+ -----------
+ K12 K-12th grade school
+ JC Junior college
+ U University/college
+ PA Public Access
+ C Commercial site
+ More to be defined later
+ Probe Types:
+ ------------
+ SM Sendmail
+ FR rsh with -froot
+ FTP Attempted FTP snarf
+ BL Bogus logins (guest/root/bbs/games/etc.)
+ More to be defined later....
+ A site gets put on the list once it is reported to the list maintainer by root
+ at a site. (This at least gives us a little bit of verification.)
+ A site, once on the list, stays on the list until that site is off the net.
+ This is why the date field exists.
I _don't_ like this part of the idea. How about 'number of incidents in last 3
mo.', 'number of incidents in last 6 mo.', 'number of incidents in last year',
and a site drops off the list when there have been reports from less than two
different sites in the last year. (Okay, -you- figure out a 'cleaner' way to
say that! :)
+ And I am very interested in keeping this list off of my site if at all possible.
+ Any comments?
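
The aging rule suggested in the reply (incident counts over the last 3, 6 and 12 months, with a site dropping off once fewer than two different sites have reported it in the last year), sketched as an added example that is not part of the original thread. The site names, the report tuple layout and the window lengths in days are assumptions; the probe codes are the ones from the quoted proposal.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample reports: (offending site, reporting site, date, probe code).
# Probe codes follow the quoted proposal (SM, FR, FTP, BL); site names are invented.
REPORTS = [
    ("probe-src.example", "a.example", date(1994, 8, 20), "SM"),
    ("probe-src.example", "b.example", date(1994, 6, 2), "BL"),
    ("probe-src.example", "a.example", date(1993, 12, 1), "FR"),
    ("one-reporter.example", "a.example", date(1994, 8, 1), "FTP"),
    ("one-reporter.example", "a.example", date(1994, 7, 1), "FTP"),
    ("stale.example", "a.example", date(1993, 5, 1), "SM"),
    ("stale.example", "b.example", date(1993, 6, 1), "SM"),
]

WINDOWS = {"3mo": 91, "6mo": 182, "1yr": 365}  # window lengths in days (assumed)

def summarize(reports, today, min_reporters=2):
    """Return {site: row} for the sites that stay on the list as of `today`."""
    by_site = defaultdict(list)
    for site, reporter, when, probe in reports:
        if when <= today:
            by_site[site].append((reporter, when, probe))
    year_ago = today - timedelta(days=WINDOWS["1yr"])
    listed = {}
    for site, items in by_site.items():
        recent = [i for i in items if i[1] > year_ago]
        reporters = {r for r, _, _ in recent}
        if len(reporters) < min_reporters:
            continue  # fewer than two different reporting sites in the last year
        row = {name: sum(1 for _, w, _ in items if w > today - timedelta(days=d))
               for name, d in WINDOWS.items()}
        row["reporters"] = len(reporters)
        row["probes"] = sorted({p for _, _, p in recent})
        row["last"] = max(w for _, w, _ in items)
        listed[site] = row
    return listed

if __name__ == "__main__":
    for site, row in summarize(REPORTS, date(1994, 8, 25)).items():
        print(site, row)
```

Counting distinct reporting sites rather than raw complaints keeps one noisy reporter from holding a site on the list by itself.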