[RPZ] Whitelist rather than Blacklist
tomb at threatstop.com
Fri Mar 8 22:42:37 UTC 2013
It was a (very raw) example. Wide open on what the criteria should be.
Current use case that we provide is making Marcus Ranum's dictum easy across multiple, and multiple types, of firewalls. IE: Statically configured by the user.
What should be the use case for a dynamic version (we've had very limited request for it, except for Pingdom, which we provide)?
> -----Original Message-----
> From: dnsrpz-interest-bounces+tomb=threatstop.com at lists.isc.org
> [mailto:dnsrpz-interest-bounces+tomb=threatstop.com at lists.isc.org] On
> Behalf Of Andrew Fried
> Sent: Sunday, March 03, 2013 10:22 PM
> To: dnsrpz-interest at lists.isc.org
> Subject: Re: [RPZ] Whitelist rather than Blacklist
> An awful lot of malware use domains in the alexa list. I'd be pretty
> hesitant arbitrarily whitelisting based on a "most popular" or most used.
> On 3/3/13 9:56 PM, Tom Byrnes wrote:
> > If there is interest in a dynamic version of this, say the alexa 1000 as a
> whitelist and deny all else, we can gen it @ ThreatSTOP.
> > We already enable this in our IP product (we call it "IP Closed User Group").
> > _______________________________________________
> > dnsrpz-interest mailing list
> > dnsrpz-interest at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dnsrpz-interest
> Andrew Fried
> Internet Systems Consortium, Inc.
> afried at isc.org
> dnsrpz-interest mailing list
> dnsrpz-interest at lists.isc.org
More information about the DNSfirewalls