Stan Hoeppner wrote:
> Randy Ramsdell put forth on 3/8/2011 3:57 PM:
>> Stan Hoeppner wrote:
>>> FYI, the PBL isn't limited to dynamic listings. Many corporations add
>>> their unused IP space to the PBL, along with other IPs within their
>>> netblocks that shouldn't be sending direct mail. They do this as part
>>> of a multi-layered approach to network security, in addition to egress
>>> filtering at the edge firewalls. One errant mouse click by an
>>> apprentice/junior SA can accidentally disable an egress filter, as can a
>>> botched firmware update on a firewall or router, etc, etc. If, when
>>> such a thing occurs, you already have an internal spambot outbreak that
>>> the firewalls/routers were containing...
>>>
>>> I would have never considered this until one day the chief of network
>>> security at Nortel informed me they do precisely what I described above.
>>> Dorothy, you're not in Kansas anymore.
>>
>> If the firewall is blocking an outbreak of spam bots from sending mail
>> to the outside, why did they not know and fix this? I mean is it so bad
>> that the whole network team can't contain it? And then someone botched
>> the firewall which allowed the spam to be sent? Nortel hmmm.
>
> Randy, you misread what I posted. Or maybe I didn't state things
> clearly. There were two separate things here. My 1st paragraph above
> describes why companies list some of their IP space in the PBL, and
> describes one hypothetical scenario which makes doing so useful. I
> didn't understand the scenario. That "..." means you, the reader, are
> supposed to imagine the rest of the outcome. I think my prose threw you
> off, and caused you to reverse cause and effect.
> The 2nd paragraph simply states that I first learned of this use of the
> PBL by the chief of network security at Nortel, and that Nortel lists
> some of their netspace on the PBL. The hypothetical scenario did _not_
> occur at Nortel.

Ahhh, I see. I can see that listing non-mail sending IPs you use on PBL
as useful.
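The two layers Stan describes (an egress filter on the edge firewall that only lets the designated relays open outbound port 25, and a PBL listing of the rest of the netblock so that remote MXs reject anything that slips past the filter) can be modelled in a few lines. The following is an added example, not code from this thread or from Spamhaus. The Spamhaus ZEN return-code table is the one Spamhaus documents (127.0.0.10 and 127.0.0.11 are the PBL codes); every address, netblock and the "corporate" listing are constructed, and the resolver is a fake so the example runs offline. A real client would replace `make_fake_resolver` with an actual DNS lookup of the same query name.

```python
import ipaddress
from typing import Callable, Iterable, List

# Return codes for the Spamhaus ZEN zone, as documented by Spamhaus.
# The PBL answers are the ones the thread is about.
ZEN_RETURN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL (ISP-maintained)",
    "127.0.0.11": "PBL (Spamhaus-maintained)",
}

SMTP_PORT = 25
DEFAULT_ZONE = "zen.spamhaus.org"


def dnsbl_query_name(ip: str, zone: str = DEFAULT_ZONE) -> str:
    """Build the reversed-octet name a DNSBL client queries for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def decode_dnsbl_answer(answers: Iterable[str]) -> List[str]:
    """Translate the A records returned by the ZEN zone into list names."""
    return sorted({ZEN_RETURN_CODES.get(a, f"unknown({a})") for a in answers})


def pbl_listed(ip: str, resolve: Callable[[str], List[str]]) -> bool:
    """resolve(name) returns the A-record strings, or [] when the name does not exist."""
    return any(n.startswith("PBL") for n in decode_dnsbl_answer(resolve(dnsbl_query_name(ip))))


def egress_permits(src_ip: str, dst_port: int, relays: Iterable[str]) -> bool:
    """Edge-firewall policy from the thread: only the designated relays may open outbound TCP/25."""
    if dst_port != SMTP_PORT:
        return True
    return ipaddress.IPv4Address(src_ip) in {ipaddress.IPv4Address(r) for r in relays}


def mail_reaches_remote_mx(src_ip: str, egress_filter_active: bool,
                           relays: Iterable[str], resolve) -> bool:
    """Layer 1 is the egress filter; layer 2 is the remote MX rejecting PBL-listed clients."""
    if egress_filter_active and not egress_permits(src_ip, SMTP_PORT, relays):
        return False
    return not pbl_listed(src_ip, resolve)


def make_fake_resolver(listed_nets: Iterable[str], zone: str = DEFAULT_ZONE,
                       code: str = "127.0.0.10"):
    """Constructed stand-in for DNS: answers `code` for any IP inside listed_nets."""
    nets = [ipaddress.IPv4Network(n) for n in listed_nets]
    suffix = "." + zone

    def resolve(name: str) -> List[str]:
        if not name.endswith(suffix):
            return []
        octets = name[: -len(suffix)].split(".")
        ip = ipaddress.IPv4Address(".".join(reversed(octets)))
        return [code] if any(ip in n for n in nets) else []

    return resolve


# Constructed corporate setup: 192.0.2.10 is the only sanctioned relay; the
# unused/non-mail parts of the netblock are listed in the PBL, the relay is not.
RELAYS = ["192.0.2.10"]
CORPORATE_PBL_LISTING = ["192.0.2.64/26", "192.0.2.128/25"]
resolver = make_fake_resolver(CORPORATE_PBL_LISTING)


def scenario(workstation: str = "192.0.2.77") -> dict:
    """The thread's hypothetical: an infected workstation, with and without the egress filter."""
    return {
        "filter_on": mail_reaches_remote_mx(workstation, True, RELAYS, resolver),
        "filter_botched": mail_reaches_remote_mx(workstation, False, RELAYS, resolver),
        "relay": mail_reaches_remote_mx(RELAYS[0], False, RELAYS, resolver),
    }


if __name__ == "__main__":
    for name, delivered in scenario().items():
        print(f"{name:15s} -> {'delivered' if delivered else 'rejected'}")
```

With the filter in place the workstation never reaches a remote MX; when the filter is lost, the PBL listing still causes the remote MX to reject it, while the unlisted relay keeps working. That is the whole point of listing the non-mail parts of the netblock.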