DESC:
On many networks it is all too common for large areas of
a single network to be compromised in a single country,
state or area. Many user-driven and security monitoring
centers have created lists of voluntarily "bad" networks.
One such solution is provided by DShield.org -- their list
is synonymous with banning bad or troublesome
networks over the Internet until they comply and
remove certain things that allow their networks to be
abused by outsiders.
My plan would allow OperServ to communicate with the
DShield program and allow it to download their
current "abusive network" list and translate that into a
Gline that OperServ could handle and deal with.
Information on DShield:
PUBLIC DSHIELD BLOCK LIST (.TXT format)
Logged In: YES
user_id=1061100
I think this may be a good idea, however instead of auto
glining them maybe they could be kept an eye on so to
speak. I think that in some cases a database of "abusive
networks" may be corrupted with incorrect entries such as
the database for peer guardian is/was. It could detect these
bad networks with this dshield db then put a leash on their
activities such as limiting their target change to extreme
levels, limiting their max channels to 5, increasing the time in
which they receive the "your host is (re)connecting too fast"
message and other limitations of that sort.
Logged In: YES
user_id=944659
Originator: NO
Using things like the DShield list, bogon IP ranges, and other blacklists is (I feel) something that should be done on the network side (i.e. firewall/router rule), because if an IP is truly “bad” one would want to minimize the amount of traffic exchanged and, if possible, not even respond to any incoming packets.
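
The translation step proposed in the request, with the validation the first comment asks for, as an added example (not part of the original thread or of the services code). The tab-separated column layout, the `*@network/prefix` mask form, the `MIN_PREFIX` limit and the function names are assumptions; entries default to a watch list instead of an automatic G-line.

```python
import ipaddress

# Constructed sample, not real DShield data. Assumed layout: tab-separated
# start address, end address, prefix length, then informational columns.
SAMPLE = (
    "# constructed sample\n"
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail\n"
    "192.0.2.0\t192.0.2.255\t24\t1500\tEXAMPLE-ONE\tZZ\tabuse@example.net\n"
    "198.51.100.0\t198.51.100.255\t24\t900\tEXAMPLE-TWO\tZZ\tabuse@example.org\n"
    "203.0.113.7\t203.0.113.255\t24\t40\tHOST-BITS-SET\tZZ\t-\n"
    "10.0.0.0\t10.0.0.255\t24\t10\tPRIVATE\tZZ\t-\n"
    "0.0.0.0\t255.255.255.255\t0\t5\tTOO-WIDE\tZZ\t-\n"
    "garbage line\n"
)
MIN_PREFIX = 16  # assumption: refuse anything broader than a /16
NEVER_BAN = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_blocklist(text):
    """Return (accepted networks, [(line, reason)] for rejected entries)."""
    accepted, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Start")):
            continue
        fields = line.split("\t")
        try:
            start, end, prefix = fields[0], fields[1], int(fields[2])
            # strict=True rejects a start address with host bits set
            net = ipaddress.ip_network(f"{start}/{prefix}", strict=True)
        except (IndexError, ValueError) as exc:
            rejected.append((line, f"malformed: {exc}"))
            continue
        if str(net.broadcast_address) != end:
            rejected.append((line, "end address does not match prefix"))
        elif prefix < MIN_PREFIX:
            rejected.append((line, "prefix too broad"))
        elif any(net.subnet_of(r) for r in NEVER_BAN):
            rejected.append((line, "private or loopback range"))
        else:
            accepted.append(net)
    return accepted, rejected

def to_actions(networks, enforce=False):
    """Map networks to ('watch'|'gline', mask); the *@net/len mask form is assumed."""
    verb = "gline" if enforce else "watch"
    return [(verb, f"*@{net}") for net in networks]

if __name__ == "__main__":
    ok, bad = parse_blocklist(SAMPLE)
    print(to_actions(ok), *bad, sep="\n")
```

Rejected lines are returned with a reason so an operator can review them before anything is enforced.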