I saw an article on the ha.ckers.org blog yesterday about a new blocklist site called threatstop. They were in no way, shape or form endorsing it; it was simply an article about it. I'm sure the author probably agrees with me on this.
It never ceases to amaze me how many people are ignorant enough to believe they can simply ban all the bad IPs and be safe from DDoS and the like. I believe this is simply a waste of firewall rules that could be put to better use doing something else, or kept free so they can be used against a real attack.
Blocklists do not protect you from anything; very rarely will your firewall even drop a packet from one of the blocked IPs. This is an absurd solution all the way around. The only way you will really see a reduction in DDoS traffic is if you block entire countries at once, i.e. China and other Asian countries, Brazil, Romania, etc. And then, god forbid, you get an attack coming from a totally different IP block: your firewall is already filled with that country-banning cruft, or with one of these blocklists full of their entries, and it will take you forever to reload the firewall if you have to change the rules. You will definitely see an increase in resource usage and a degradation of network performance.
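To put some numbers on the "firewall filled with cruft" point, here is a small added example (my own, not code from the post or from threatstop). It compares how a flat chain of one DROP rule per range is evaluated, where a packet from an unlisted address (the normal case for legitimate traffic) has to be compared against every rule, with a set-based lookup of the kind ipset's hash:net or an nftables interval set does, where the work per packet is bounded by the number of distinct prefix lengths. The blocklist and the padded /32 entries are constructed from documentation and private ranges, not taken from any real feed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample blocklist made of documentation/private ranges; it is not
# taken from threatstop or any real feed.
SAMPLE_BLOCKLIST = [
    "203.0.113.0/24",
    "198.51.100.0/24",
    "192.0.2.0/24",
    "100.64.0.0/10",
    "10.0.0.0/8",
]


def pad_with_hosts(n):
    """Synthetic /32 entries (172.16.x.y) standing in for a feed of thousands of hosts."""
    return ["172.16.%d.%d/32" % (i // 256, i % 256) for i in range(n)]


def build_linear_rules(cidrs):
    return [ipaddress.IPv4Network(c) for c in cidrs]


def linear_match(rules, ip):
    """First-match scan, the way a flat chain of one DROP rule per range is evaluated.

    Returns (matched, rules_examined). A packet from an address that is not on
    the list is compared against every rule before it is accepted, so the
    per-packet cost grows with the size of the list.
    """
    addr = ipaddress.IPv4Address(ip)
    examined = 0
    for net in rules:
        examined += 1
        if addr in net:
            return True, examined
    return False, examined


class PrefixTable:
    """Set-based lookup: one hash set per prefix length, roughly how an ipset of
    type hash:net matches. Work per packet is bounded by the number of distinct
    prefix lengths, not by the number of entries."""

    def __init__(self, cidrs):
        self.sets = defaultdict(set)
        for c in cidrs:
            net = ipaddress.IPv4Network(c)
            self.sets[net.prefixlen].add(int(net.network_address))
        # longest prefix first, so a more specific entry wins
        self.prefixlens = sorted(self.sets, reverse=True)

    def match(self, ip):
        """Returns (matched, lookups_performed)."""
        addr = int(ipaddress.IPv4Address(ip))
        lookups = 0
        for plen in self.prefixlens:
            lookups += 1
            mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            if (addr & mask) in self.sets[plen]:
                return True, lookups
        return False, lookups


if __name__ == "__main__":
    feed = SAMPLE_BLOCKLIST + pad_with_hosts(1000)
    rules = build_linear_rules(feed)
    table = PrefixTable(feed)
    for ip in ("8.8.8.8", "203.0.113.7", "10.1.2.3"):
        print(ip, "linear:", linear_match(rules, ip), "set:", table.match(ip))
```

With 1,005 entries the linear scan examines all 1,005 rules for a legitimate client, while the prefix table does four lookups whatever the list size. That only fixes the performance half of the complaint: a set full of last week's zombie addresses is still a set that the next attack's addresses are not in.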
If you are that worried about botnets then you should be on a protected network, but unless you are paying thousands for the super-advanced DDoS firewalling you are still going to have to combat a good portion of it reactively at the server. Usually about 20-30% of a DDoS passes through the mid-level filtering you get when you simply buy a DDoS-protected server in the $100-300 price range. With a proper configuration and the right software and scripts this is easily done. And with a web hosting server this is the only practical option, because with blocklists and country banning you will have a lot of legitimate users banned, complaints and support tickets will go up, and people will not be happy.
Now, if there are server admins or webmasters using these blocklists to combat hacks and intrusions, that is so highly laughable it's a joke. There is no way using these lists can protect you or increase your security one bit. As I posted in my comment on the ha.ckers blog, if you are so unsure of your admin practices that you feel safer blocking thousands of IPs, then you need to hire someone, or start assessing and securing your assets better, because it is simply not going to work.
So I would advise any newbie server admin not to buy into this blocklist pipe dream. It has been proven to be highly ineffective and impractical; heck, even email blacklists are proof of that. There are just so many IPs of zombie computers out there, and they vary so much from attack to attack, that keeping a blocklist is totally useless. And there is my 2 cents.