On Tue, 22 Oct 2013, Sergey Kolesnichenko wrote:
If I ever want to do something bad I would check if my IP is the public lists. If I ever want to protect my scripts I will never rely on 3rd party blacklists. And I think modsecurity.org saves the day for web applications...
You're missing the purpose of the list. Not everyone can, will, or has the capability of running modsecurity. I do so I am fully aware of how to blacklist/filter attacks. Filtering - while it helps me, helps me solely because I have taken the time to implement strong (overly aggressive) rules. What about the others who can't/don't run filters such as modsecurity. So for starters, it helps others see who is doing what on other networks under the premise that "if it hits me, it can hit you too." Secondly, accountability. Having maintained my blacklists for some time now, I get a lot of requests to have IP addresses taken off the blacklists. Many are companies that didn't even know they were compromised. Because of the list and people blocking the IP, they quickly fix their networks to where before, they'd of never known. Thirdly, research. I can't count the number of times that articles were written with no attributable addresses. By posting addresses publicly, anyone doing research into cybercrime related themese (botnets, etc.) can see addresses firsthand and if necessary, I would supply them for the exact attack vector used by an address. Finally, its no secret that most attackers do this (check against blacklists). At some point in time the theory is, they're gonna run out of addresses, and compromisable hosts once companies and individuals running websites get their acts in order. NO COMPANY wants to have entire netblocks blacklisted. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF