Great idea! I also had some problems with attacks from other networks and the sysad there did not seem to be interested in that his servers are being abused for attacking other systems. But instead of a mailing list I'd propose some kind of a public index of those networks (like those openrelaydatabases). How about that??
Negative. If people/network admins really use this database, then it can be easily used as a DoS against someone an attacker doesn't like.
In a slightly different way, mailing lists like suse-security or bugtraq could (and definitely will be) (ab)used not only by responsible admins but also by black hats of all flavours. Most admins write their mails to this security list from their own systems, therefore a collection of domains running SuSE distros with probably vulnerable subsystems would be a piece of cake.
In addition, it violates the victim's right to privacy (would you like to be listed there if someone broke into your mailserver and started hacking from it?).
You are right if you say that some kind of inadequately set up hack incident list would probably violate the right to privacy. But consider this: If you run a mailserver which gets hacked, what do you do? Keep the rooted machine online, like some fools do? No, you probably would back up important data, save the log files for forensic examination and reinstall cleanly, so you may fix the problem days before someone puts your IP into some databases or even notices that something is wrong, respectively. I consider it a mere problem of proper techniques and responsible procedures to set up a mailing list or website for reporting insecure networks/hosts; you don't necessarily have to be as aggressive as ORBS.
Another problem: Even if you don't relay spam through the world, you might end up on the ORBS blacklist, just because you might happen to not meet all criteria that they impose (happened to me several times). In this case, the problem might even get out of control: "Message suppression" is a serious crime in Germany, and with methods like this you're walking along a very thin line...
I'm getting used to being a tightrope walker ;-) But seriously: I mentioned that some proposed list of insecure networks should be carefully and responsibly constructed and should *NOT* be a black hole, just a basis for further information and discussion for admins. It's illegal to pay back violence with violence, but IMHO it's ok to pay back trickiness with trickiness. And if there would be some informal network of sysadmins working together to actively fix security problems in insecure networks (thus cooperating with admins often too tired/unskilled to properly react to certain security issues) I would be a part of it. Share what you know, learn what you don't.
Boris
---
Jochen
Thanks, Roman. -- - - | Roman Drahtmüller
// "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | [...]