Linode Forum
Linode Community Forums
PostPosted: Thu Sep 11, 2003 3:26 pm 
Junior Member

Joined: Thu Sep 11, 2003 3:11 pm
Posts: 36
Website: http://www.bod.org
Location: San Jose, CA
If you've not heard of it before, DShield is a community-based reporting database for malicious network traffic. The idea is that you submit your logs of stuff that bounced off your firewall, and when aggregated with everyone else's submitted logs, a good picture of the sources is produced. Both the web site and an active mailing list are good sources of information, most of it real-time.

I can understand why you've chosen to filter ports, but on the flip side, it means I can't report activity on them to dshield.

I'm hoping you'll consider reporting that blocked traffic to dshield on behalf of all of your customers? It's not difficult to set up.

Paul


PostPosted: Thu Sep 11, 2003 4:14 pm 
Linode Staff

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Hello Paul

The data-center (ThePlanet) blocks those ports, not us :( I tried to get them to remove all the filtered ports using the same argument (that I'd rather do it myself, etc) but they wouldn't go for it. I didn't push that hard for it.

I have had success in turning filtering off for ports for which I can make a good argument (like for a certain application, etc).

I'm inclined to keep it that way, for now; but if there is a specific port you need open and I can make a good case, I can probably get the filtering removed.

DShield looks awesome, btw :-) So many attacks from the US that the pie-chart covers the entire North America! Bad, bad kiddies...

-Chris


PostPosted: Thu Sep 11, 2003 4:51 pm 
Junior Member

Joined: Thu Sep 11, 2003 3:11 pm
Posts: 36
Website: http://www.bod.org
Location: San Jose, CA
Yep, dshield's pretty neat. Somehow I don't feel quite so helpless in the face of the onslaught if I can rat on the machines responsible :)

I have no problem with them blocking some ports, within reason (except perhaps a philosophical twinge). So long as common sense prevails and there's a good balance struck. I'll be running an OpenVPN tunnel for access to most services anyhow - no point in opening most of them up to the world unless they have to be.

Perhaps ThePlanet would consider making the router logs available to you over SNMP? I can't think why they would object to that, and a good case can be made for having better visibility into what's happening on your segment. And being able to submit them to dshield would be a bonus ;)

Paul


PostPosted: Thu Oct 09, 2003 4:53 am 
Junior Member

Joined: Fri Sep 19, 2003 5:37 am
Posts: 22
Location: Luxembourg
PaulC wrote:
I can understand why you've chosen to filter ports, but on the flip side, it means I can't report activity on them to dshield.

What ports are blocked at the planet?


PostPosted: Thu Oct 09, 2003 11:42 am 
Junior Member

Joined: Thu Sep 11, 2003 3:11 pm
Posts: 36
Website: http://www.bod.org
Location: San Jose, CA
They are listed in the FAQ:
Which TCP Ports are blocked?

Paul

