SANS ISC: InfoSec Handlers Diary Blog



Recommended Block List

Published: 2006-02-01
Last Updated: 2006-02-02 14:02:08 UTC
by Johannes Ullrich (Version: 2)
Update:

Based on feedback from Intercage customers, we no longer recommend blocking them. Please let us know if you see any problems from 69.50.160.0/19 and we will try to facilitate contact and a resolution.

Updated Update:

Sunbelt posted this blog documenting the issues with Intercage. As a comment: We do not say that Intercage is a safe and clean network now. However, they appear to have some valid customers. Please decide for yourself if you need the valid sites badly enough to risk exposure to the malware hosted at Intercage.




I hate block lists... maybe because I have been on the 'wrong end' of them in the past. But after careful consideration, we do recommend blocking traffic from these two netblocks:

InterCage Inc.: 69.50.160.0/19 (69.50.160.0 - 69.50.191.255)
Inhoster: 85.255.112.0/20 (85.255.112.0 - 85.255.127.255)

The list may be updated later. We do not expect to make this a "regular feature". But at this time we find that it is necessary to point out these particular two netblocks.

They have been associated with a number of high-profile criminal activities in the past. A good number of WMF exploits use name servers or other resources in these netblocks. They have been non-responsive to current and past requests to remove malicious content.
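To help decide whether blocking is warranted on your own network, the following added example (not part of the original diary) audits a log for addresses inside the two netblocks and reports which lines touched each one. The `SRC=`/`DST=` log format, the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Netblocks named in the diary entry.
NETBLOCKS = {
    "InterCage Inc.": ipaddress.ip_network("69.50.160.0/19"),
    "Inhoster": ipaddress.ip_network("85.255.112.0/20"),
}
# Candidate dotted quads; real validation happens in classify().
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample lines in an assumed firewall log format.
SAMPLE_LOG = """\
2006-02-01T10:00:01 ACCEPT SRC=10.0.0.15 DST=69.50.170.10 DPT=53
2006-02-01T10:00:02 ACCEPT SRC=10.0.0.15 DST=192.0.2.80 DPT=80
2006-02-01T10:00:05 ACCEPT SRC=10.0.0.22 DST=85.255.113.5 DPT=80
2006-02-01T10:00:09 ACCEPT SRC=10.0.0.22 DST=85.255.128.1 DPT=80
2006-02-01T10:00:11 ACCEPT SRC=69.50.191.255 DST=10.0.0.15 DPT=1025
2006-02-01T10:00:12 ACCEPT SRC=10.0.0.30 DST=999.50.170.10 DPT=80
"""

def classify(ip_text):
    """Return the name of the netblock containing ip_text, or None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # e.g. an octet above 255
        return None
    for name, net in NETBLOCKS.items():
        if ip in net:
            return name
    return None

def audit(log_text):
    """Map netblock name -> list of (line_no, address) in log order."""
    hits = defaultdict(list)
    for line_no, line in enumerate(log_text.splitlines(), 1):
        for ip_text in IPV4_RE.findall(line):
            name = classify(ip_text)
            if name:
                hits[name].append((line_no, ip_text))
    return dict(hits)

if __name__ == "__main__":
    for name, net in NETBLOCKS.items():
        print(f"{name}: {net} ({net[0]} - {net[-1]})")
    for name, found in audit(SAMPLE_LOG).items():
        print(name, found)
```

Both source and destination fields are checked, so inbound connections from the netblocks and outbound lookups to name servers hosted there are reported alike.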
