* a whitelist for outgoing syn port 80, 443 traffic for hosting
From: Ken A @ 2007-02-07 17:23 UTC
  To: Mail List - Netfilter

Hello,

Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING 
traffic that should be considered 'normal' in a hosting environment?
ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce, 
blogging, etc..

Categorizing traffic as good/bad is useful in this day of many php 
remote file include bugs.

Thanks,

Ken A.
Pacific.Net


* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
From: franck @ 2007-02-07 18:40 UTC
  To: Mail List - Netfilter

Ken A wrote:
> Hello,
> 

Hi,

> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
> traffic that should be considered 'normal' in a hosting environment?
> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
> blogging, etc..
> 
> Categorizing traffic as good/bad is useful in this day of many php
> remote file include bugs.
> 
> Thanks,

Maybe this is what you are looking for :

http://someonewhocares.org/hosts/zero/

--
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF  9A3C C490 534E 75C0 89FE

* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
From: Grant Taylor @ 2007-02-07 19:05 UTC
  To: Mail List - Netfilter

franck wrote:
> Maybe this is what you are looking for :
> 
> http://someonewhocares.org/hosts/zero/

This list appears to be hosts that are supposed to be avoided, not hosts 
that are safe to contact.  BIG difference.



Grant. . . .


* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
From: Ken A @ 2007-02-07 19:09 UTC
  To: Mail List - Netfilter



franck wrote:
> Ken A wrote:
>> Hello,
>>
> 
> Hi,
> 
>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>> traffic that should be considered 'normal' in a hosting environment?
>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>> blogging, etc..
>>
>> Categorizing traffic as good/bad is useful in this day of many php
>> remote file include bugs.
>>
>> Thanks,
> 
> Maybe this is what you are looking for :
> 
> http://someonewhocares.org/hosts/zero/

Thanks, but I'm looking for a whitelist for a fairly wide range of web 
applications, not a blacklist. There are plenty of good blacklists out 
there. surbl.org, uribl.com, etc. :-)
Ken


> 
> - --
> Franck Joncourt
> http://www.debian.org
> http://smhteam.info/wiki/
> GPG server : pgpkeys.mit.edu
> Fingerprint : C10E D1D0 EF70 0A2A CACF  9A3C C490 534E 75C0 89FE

* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
From: franck @ 2007-02-07 20:24 UTC
  To: Mail List - Netfilter

Ken A wrote:
>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>>>> traffic that should be considered 'normal' in a hosting environment?
>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>>>> blogging, etc..
>>>>
>>>> Categorizing traffic as good/bad is useful in this day of many php
>>>> remote file include bugs.
>>>>
>>>> Thanks,
> 
> Maybe this is what you are looking for :
> 
> http://someonewhocares.org/hosts/zero/
> 
>> Thanks, but I'm looking for a whitelist for a fairly wide range of web
>> applications, not a blacklist. There are plenty of good blacklists out
>> there. surbl.org, uribl.com , etc. :-)
>> Ken


As a matter of fact, I thought something you can put in a blacklist
could be useful, because it cannot be in the whitelist you are looking
for. But, thinking about it again, it is quite clear I would prefer a
small whitelist rather than a very huge blacklist.

Sorry.

--
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF  9A3C C490 534E 75C0 89FE

* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
From: R. DuFresne @ 2007-02-08 18:15 UTC
  To: franck; +Cc: Mail List - Netfilter

On Wed, 7 Feb 2007, franck wrote:

> Ken A wrote:
>>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>>>>> traffic that should be considered 'normal' in a hosting environment?
>>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>>>>> blogging, etc..
>>>>>
>>>>> Categorizing traffic as good/bad is useful in this day of many php
>>>>> remote file include bugs.
>>>>>
>>>>> Thanks,
>>
>> Maybe this is what you are looking for :
>>
>> http://someonewhocares.org/hosts/zero/
>>
>>> Thanks, but I'm looking for a whitelist for a fairly wide range of web
>>> applications, not a blacklist. There are plenty of good blacklists out
>>> there. surbl.org, uribl.com , etc. :-)
>>> Ken
>
>
> As a matter of fact, I thought something you can put in a blacklist
> could be useful, because it cannot be in the whitelist you are looking
> for. But, thinking about it again, it is quite clear I would prefer a
> small whitelist rather than a very huge blacklist.
>


Would this not require that one be able to conclude that such "whitelist" 
ensures that the hosts in it are "secure"  have never been compromised, and 
never will be compromised?  If this is what is sought, such a list would 
be impossible to build.  It is not possible to ensure the integrity of a 
system over time, only at a point in time to the degree the server was 
audited to.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>

* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
From: Ken A @ 2007-02-08 19:04 UTC
  To: Mail List - Netfilter



R. DuFresne wrote:
> On Wed, 7 Feb 2007, franck wrote:
> 
>> Ken A wrote:
>>>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>>>>>> traffic that should be considered 'normal' in a hosting environment?
>>>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>>>>>> blogging, etc..
>>>>>>
>>>>>> Categorizing traffic as good/bad is useful in this day of many php
>>>>>> remote file include bugs.
>>>>>>
>>>>>> Thanks,
>>>
>>> Maybe this is what you are looking for :
>>>
>>> http://someonewhocares.org/hosts/zero/
>>>
>>>> Thanks, but I'm looking for a whitelist for a fairly wide range of web
>>>> applications, not a blacklist. There are plenty of good blacklists out
>>>> there. surbl.org, uribl.com , etc. :-)
>>>> Ken
>>
>>
>> As a matter of fact, I thought something you can put in a blacklist
>> could be useful, because it cannot be in the whitelist you are looking
>> for. But, thinking about it again, it is quite clear I would prefer a
>> small whitelist rather than a very huge blacklist.
>>
> 
> 
> Would this not require that one be able to conclude that such "whitelist" 
> ensures that the hosts in it are "secure"  have never been compromised, 
> and never will be compromised?   If this is what is sought, such a list
> would be impossible to build. 

What I need is a list of hosts that are commonly connected to via port 
80,443 by common web applications in a common web hosting environment, 
with blogs & shopping carts. Perhaps 'whitelist' was a bad choice of 
words? I don't think the DoD would use this list. The security of remote 
systems in such a list is of significant importance, but, the difference 
between allowing outgoing SYN packets to ups.com as opposed to 
geocities.com is level of trust.

Ken A.
Pacific.Net


> It is not possible to ensure the
> integrity of a system over time, only at a point in time to the degree 
> the server was audited to.
> 
> Thanks,
> 
> Ron DuFresne

