* a whitelist for outgoing syn port 80, 443 traffic for hosting @ 2007-02-07 17:23 Ken A 2007-02-07 18:40 ` franck 0 siblings, 1 reply; 7+ messages in thread From: Ken A @ 2007-02-07 17:23 UTC (permalink / raw) To: Mail List - Netfilter Hello, Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING traffic that should be considered 'normal' in a hosting environment? ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, blogging, etc.. Categorizing traffic as good/bad is useful in this day of many php remote file include bugs. Thanks, Ken A. Pacific.Net ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting 2007-02-07 17:23 a whitelist for outgoing syn port 80, 443 traffic for hosting Ken A @ 2007-02-07 18:40 ` franck 2007-02-07 19:05 ` Grant Taylor 2007-02-07 19:09 ` Ken A 0 siblings, 2 replies; 7+ messages in thread From: franck @ 2007-02-07 18:40 UTC (permalink / raw) To: Mail List - Netfilter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ken A wrote: > Hello, > Hi, > Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING > traffic that should be considered 'normal' in a hosting environment? > ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, > blogging, etc.. > > Categorizing traffic as good/bad is useful in this day of many php > remote file include bugs. > > Thanks, Maybe this is what you are looking for : http://someonewhocares.org/hosts/zero/ - -- Franck Joncourt http://www.debian.org http://smhteam.info/wiki/ GPG server : pgpkeys.mit.edu Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFyh0NxJBTTnXAif4RAoThAKDXxecdEq5gWmncfj7TmOcb5EAdbgCfZrnx S/QzndrwWbq1CPhal5eQy8k= =mf7k -----END PGP SIGNATURE----- ___________________________________________________________ The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting 2007-02-07 18:40 ` franck @ 2007-02-07 19:05 ` Grant Taylor 2007-02-07 19:09 ` Ken A 1 sibling, 0 replies; 7+ messages in thread From: Grant Taylor @ 2007-02-07 19:05 UTC (permalink / raw) To: Mail List - Netfilter franck wrote: > Maybe this is what you are looking for : > > http://someonewhocares.org/hosts/zero/ This list appears to be hosts that are suppose to be avoided, not hosts that are safe to contact. BIG difference. Grant. . . . ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting 2007-02-07 18:40 ` franck 2007-02-07 19:05 ` Grant Taylor @ 2007-02-07 19:09 ` Ken A 2007-02-07 20:24 ` franck 1 sibling, 1 reply; 7+ messages in thread From: Ken A @ 2007-02-07 19:09 UTC (permalink / raw) To: Mail List - Netfilter franck wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ken A wrote: >> Hello, >> > > Hi, > >> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING >> traffic that should be considered 'normal' in a hosting environment? >> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, >> blogging, etc.. >> >> Categorizing traffic as good/bad is useful in this day of many php >> remote file include bugs. >> >> Thanks, > > Maybe this is what you are looking for : > > http://someonewhocares.org/hosts/zero/ Thanks, but I'm looking for a whitelist for a fairly wide range of web applications, not a blacklist. There are plenty of good blacklists out there. surbl.org, uribl.com , etc. :-) Ken > > - -- > Franck Joncourt > http://www.debian.org > http://smhteam.info/wiki/ > GPG server : pgpkeys.mit.edu > Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFyh0NxJBTTnXAif4RAoThAKDXxecdEq5gWmncfj7TmOcb5EAdbgCfZrnx > S/QzndrwWbq1CPhal5eQy8k= > =mf7k > -----END PGP SIGNATURE----- > > > ___________________________________________________________ > The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting 2007-02-07 19:09 ` Ken A @ 2007-02-07 20:24 ` franck 2007-02-08 18:15 ` R. DuFresne 0 siblings, 1 reply; 7+ messages in thread From: franck @ 2007-02-07 20:24 UTC (permalink / raw) To: Mail List - Netfilter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ken A wrote: >>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING >>>> traffic that should be considered 'normal' in a hosting environment? >>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, >>>> blogging, etc.. >>>> >>>> Categorizing traffic as good/bad is useful in this day of many php >>>> remote file include bugs. >>>> >>>> Thanks, > > Maybe this is what you are looking for : > > http://someonewhocares.org/hosts/zero/ > >> Thanks, but I'm looking for a whitelist for a fairly wide range of web >> applications, not a blacklist. There are plenty of good blacklists out >> there. surbl.org, uribl.com , etc. :-) >> Ken As a matter of fact, I thought something you can put in a blacklist could be useful, because it cannot be in the whitelist you are looking for. But, thinking about it again, it is quite clear I would prefer a small whitelist rather than a very huge blacklist. Sorry. - -- Franck Joncourt http://www.debian.org http://smhteam.info/wiki/ GPG server : pgpkeys.mit.edu Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFyjVqxJBTTnXAif4RAoNBAKDD3HkFIrXh0ibViKiJnuu7l2UQAwCffV1A tCuQUzJbHAeWcQA6vIoyWqM= =srtS -----END PGP SIGNATURE----- ___________________________________________________________ Try the all-new Yahoo! Mail. "The New Version is radically easier to use" – The Wall Street Journal http://uk.docs.yahoo.com/nowyoucan.html ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting 2007-02-07 20:24 ` franck @ 2007-02-08 18:15 ` R. DuFresne 2007-02-08 19:04 ` Ken A 0 siblings, 1 reply; 7+ messages in thread From: R. DuFresne @ 2007-02-08 18:15 UTC (permalink / raw) To: franck; +Cc: Mail List - Netfilter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 7 Feb 2007, franck wrote: > --[PinePGP]--------------------------------------------------[begin]-- > Ken A wrote: >>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING >>>>> traffic that should be considered 'normal' in a hosting environment? >>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, >>>>> blogging, etc.. >>>>> >>>>> Categorizing traffic as good/bad is useful in this day of many php >>>>> remote file include bugs. >>>>> >>>>> Thanks, >> >> Maybe this is what you are looking for : >> >> http://someonewhocares.org/hosts/zero/ >> >>> Thanks, but I'm looking for a whitelist for a fairly wide range of web >>> applications, not a blacklist. There are plenty of good blacklists out >>> there. surbl.org, uribl.com , etc. :-) >>> Ken > > > As a matter of fact, I thought something you can put in a blacklist > could be useful, because it cannot be in the whitelist you are looking > for. But, thinking about it again, it is quite clear I would prefer a > small whitelist rather than a very huge blacklist. > Would this not require that one beable to conclude that such "whitelist" ensures tha the hosts in it are "secure" have never been compromised, and never will be compromised? If this is what is sought, such a list would be impossible to build. It is not possible to ensure the integrity of a system over time, only at a point in time to the dregree the server was audited to. Thanks, Ron DuFresne - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629 ...We waste time looking for the perfect lover instead of creating the perfect love. -Tom Robbins <Still Life With Woodpecker> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFy2jgst+vzJSwZikRArgyAJ0blUDEGgoTI6vGNoyotjWtYP13ZwCg3RTQ i0D6I67rY0LBwLmpl5D3JpU= =YnJ0 -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting 2007-02-08 18:15 ` R. DuFresne @ 2007-02-08 19:04 ` Ken A 0 siblings, 0 replies; 7+ messages in thread From: Ken A @ 2007-02-08 19:04 UTC (permalink / raw) To: Mail List - Netfilter R. DuFresne wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 7 Feb 2007, franck wrote: > >> --[PinePGP]--------------------------------------------------[begin]-- >> Ken A wrote: >>>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING >>>>>> traffic that should be considered 'normal' in a hosting environment? >>>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, >>>>>> blogging, etc.. >>>>>> >>>>>> Categorizing traffic as good/bad is useful in this day of many php >>>>>> remote file include bugs. >>>>>> >>>>>> Thanks, >>> >>> Maybe this is what you are looking for : >>> >>> http://someonewhocares.org/hosts/zero/ >>> >>>> Thanks, but I'm looking for a whitelist for a fairly wide range of web >>>> applications, not a blacklist. There are plenty of good blacklists out >>>> there. surbl.org, uribl.com , etc. :-) >>>> Ken >> >> >> As a matter of fact, I thought something you can put in a blacklist >> could be useful, because it cannot be in the whitelist you are looking >> for. But, thinking about it again, it is quite clear I would prefer a >> small whitelist rather than a very huge blacklist. >> > > > Would this not require that one beable to conclude that such "whitelist" > ensures tha the hosts in it are "secure" have never been compromised, > and never will be compromised? If this is what is sought, such a list > would be impossible to build. What I need is a list of hosts that are commonly connected to via port 80,443 by common web applications in a common web hosting environment, with blogs & shopping carts. Perhaps 'whitelist' was a bad choice of words? I don't think the DoD would use this list. The security of remote systems in such a list is of significant importance, but, the difference between allowing outgoing SYN packets to ups.com as opposed to geocities.com is level of trust. Ken A. Pacific.Net It is not possible to ensure the > integrity of a system over time, only at a point in time to the dregree > the server was audited to. > > Thanks, > > Ron DuFresne ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2007-02-08 19:04 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2007-02-07 17:23 a whitelist for outgoing syn port 80, 443 traffic for hosting Ken A 2007-02-07 18:40 ` franck 2007-02-07 19:05 ` Grant Taylor 2007-02-07 19:09 ` Ken A 2007-02-07 20:24 ` franck 2007-02-08 18:15 ` R. DuFresne 2007-02-08 19:04 ` Ken A
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.