* a whitelist for outgoing syn port 80, 443 traffic for hosting
@ 2007-02-07 17:23 Ken A
2007-02-07 18:40 ` franck
0 siblings, 1 reply; 7+ messages in thread
From: Ken A @ 2007-02-07 17:23 UTC (permalink / raw)
To: Mail List - Netfilter
Hello,
Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
traffic that should be considered 'normal' in a hosting environment?
ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
blogging, etc..
Categorizing traffic as good/bad is useful in this day of many php
remote file include bugs.
Thanks,
Ken A.
Pacific.Net
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
2007-02-07 17:23 a whitelist for outgoing syn port 80, 443 traffic for hosting Ken A
@ 2007-02-07 18:40 ` franck
2007-02-07 19:05 ` Grant Taylor
2007-02-07 19:09 ` Ken A
0 siblings, 2 replies; 7+ messages in thread
From: franck @ 2007-02-07 18:40 UTC (permalink / raw)
To: Mail List - Netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ken A wrote:
> Hello,
>
Hi,
> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
> traffic that should be considered 'normal' in a hosting environment?
> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
> blogging, etc..
>
> Categorizing traffic as good/bad is useful in this day of many php
> remote file include bugs.
>
> Thanks,
Maybe this is what you are looking for :
http://someonewhocares.org/hosts/zero/
- --
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFyh0NxJBTTnXAif4RAoThAKDXxecdEq5gWmncfj7TmOcb5EAdbgCfZrnx
S/QzndrwWbq1CPhal5eQy8k=
=mf7k
-----END PGP SIGNATURE-----
___________________________________________________________
The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
2007-02-07 18:40 ` franck
@ 2007-02-07 19:05 ` Grant Taylor
2007-02-07 19:09 ` Ken A
1 sibling, 0 replies; 7+ messages in thread
From: Grant Taylor @ 2007-02-07 19:05 UTC (permalink / raw)
To: Mail List - Netfilter
franck wrote:
> Maybe this is what you are looking for :
>
> http://someonewhocares.org/hosts/zero/
This list appears to be hosts that are suppose to be avoided, not hosts
that are safe to contact. BIG difference.
Grant. . . .
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
2007-02-07 18:40 ` franck
2007-02-07 19:05 ` Grant Taylor
@ 2007-02-07 19:09 ` Ken A
2007-02-07 20:24 ` franck
1 sibling, 1 reply; 7+ messages in thread
From: Ken A @ 2007-02-07 19:09 UTC (permalink / raw)
To: Mail List - Netfilter
franck wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ken A wrote:
>> Hello,
>>
>
> Hi,
>
>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>> traffic that should be considered 'normal' in a hosting environment?
>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>> blogging, etc..
>>
>> Categorizing traffic as good/bad is useful in this day of many php
>> remote file include bugs.
>>
>> Thanks,
>
> Maybe this is what you are looking for :
>
> http://someonewhocares.org/hosts/zero/
Thanks, but I'm looking for a whitelist for a fairly wide range of web
applications, not a blacklist. There are plenty of good blacklists out
there. surbl.org, uribl.com , etc. :-)
Ken
>
> - --
> Franck Joncourt
> http://www.debian.org
> http://smhteam.info/wiki/
> GPG server : pgpkeys.mit.edu
> Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFyh0NxJBTTnXAif4RAoThAKDXxecdEq5gWmncfj7TmOcb5EAdbgCfZrnx
> S/QzndrwWbq1CPhal5eQy8k=
> =mf7k
> -----END PGP SIGNATURE-----
>
>
> ___________________________________________________________
> The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
2007-02-07 19:09 ` Ken A
@ 2007-02-07 20:24 ` franck
2007-02-08 18:15 ` R. DuFresne
0 siblings, 1 reply; 7+ messages in thread
From: franck @ 2007-02-07 20:24 UTC (permalink / raw)
To: Mail List - Netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ken A wrote:
>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>>>> traffic that should be considered 'normal' in a hosting environment?
>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>>>> blogging, etc..
>>>>
>>>> Categorizing traffic as good/bad is useful in this day of many php
>>>> remote file include bugs.
>>>>
>>>> Thanks,
>
> Maybe this is what you are looking for :
>
> http://someonewhocares.org/hosts/zero/
>
>> Thanks, but I'm looking for a whitelist for a fairly wide range of web
>> applications, not a blacklist. There are plenty of good blacklists out
>> there. surbl.org, uribl.com , etc. :-)
>> Ken
As a matter of fact, I thought something you can put in a blacklist
could be useful, because it cannot be in the whitelist you are looking
for. But, thinking about it again, it is quite clear I would prefer a
small whitelist rather than a very huge blacklist.
Sorry.
- --
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFyjVqxJBTTnXAif4RAoNBAKDD3HkFIrXh0ibViKiJnuu7l2UQAwCffV1A
tCuQUzJbHAeWcQA6vIoyWqM=
=srtS
-----END PGP SIGNATURE-----
___________________________________________________________
Try the all-new Yahoo! Mail. "The New Version is radically easier to use" – The Wall Street Journal
http://uk.docs.yahoo.com/nowyoucan.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
2007-02-07 20:24 ` franck
@ 2007-02-08 18:15 ` R. DuFresne
2007-02-08 19:04 ` Ken A
0 siblings, 1 reply; 7+ messages in thread
From: R. DuFresne @ 2007-02-08 18:15 UTC (permalink / raw)
To: franck; +Cc: Mail List - Netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 7 Feb 2007, franck wrote:
> --[PinePGP]--------------------------------------------------[begin]--
> Ken A wrote:
>>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>>>>> traffic that should be considered 'normal' in a hosting environment?
>>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>>>>> blogging, etc..
>>>>>
>>>>> Categorizing traffic as good/bad is useful in this day of many php
>>>>> remote file include bugs.
>>>>>
>>>>> Thanks,
>>
>> Maybe this is what you are looking for :
>>
>> http://someonewhocares.org/hosts/zero/
>>
>>> Thanks, but I'm looking for a whitelist for a fairly wide range of web
>>> applications, not a blacklist. There are plenty of good blacklists out
>>> there. surbl.org, uribl.com , etc. :-)
>>> Ken
>
>
> As a matter of fact, I thought something you can put in a blacklist
> could be useful, because it cannot be in the whitelist you are looking
> for. But, thinking about it again, it is quite clear I would prefer a
> small whitelist rather than a very huge blacklist.
>
Would this not require that one beable to conclude that such "whitelist"
ensures tha the hosts in it are "secure" have never been compromised, and
never will be compromised? If this is what is sought, such a list would
be impossible to build. It is not possible to ensure the integrity of a
system over time, only at a point in time to the dregree the server was
audited to.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFy2jgst+vzJSwZikRArgyAJ0blUDEGgoTI6vGNoyotjWtYP13ZwCg3RTQ
i0D6I67rY0LBwLmpl5D3JpU=
=YnJ0
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: a whitelist for outgoing syn port 80, 443 traffic for hosting
2007-02-08 18:15 ` R. DuFresne
@ 2007-02-08 19:04 ` Ken A
0 siblings, 0 replies; 7+ messages in thread
From: Ken A @ 2007-02-08 19:04 UTC (permalink / raw)
To: Mail List - Netfilter
R. DuFresne wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 7 Feb 2007, franck wrote:
>
>> --[PinePGP]--------------------------------------------------[begin]--
>> Ken A wrote:
>>>>>> Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
>>>>>> traffic that should be considered 'normal' in a hosting environment?
>>>>>> ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
>>>>>> blogging, etc..
>>>>>>
>>>>>> Categorizing traffic as good/bad is useful in this day of many php
>>>>>> remote file include bugs.
>>>>>>
>>>>>> Thanks,
>>>
>>> Maybe this is what you are looking for :
>>>
>>> http://someonewhocares.org/hosts/zero/
>>>
>>>> Thanks, but I'm looking for a whitelist for a fairly wide range of web
>>>> applications, not a blacklist. There are plenty of good blacklists out
>>>> there. surbl.org, uribl.com , etc. :-)
>>>> Ken
>>
>>
>> As a matter of fact, I thought something you can put in a blacklist
>> could be useful, because it cannot be in the whitelist you are looking
>> for. But, thinking about it again, it is quite clear I would prefer a
>> small whitelist rather than a very huge blacklist.
>>
>
>
> Would this not require that one beable to conclude that such "whitelist"
> ensures tha the hosts in it are "secure" have never been compromised,
> and never will be compromised? If this is what is sought, such a list
> would be impossible to build.
What I need is a list of hosts that are commonly connected to via port
80,443 by common web applications in a common web hosting environment,
with blogs & shopping carts. Perhaps 'whitelist' was a bad choice of
words? I don't think the DoD would use this list. The security of remote
systems in such a list is of significant importance, but, the difference
between allowing outgoing SYN packets to ups.com as opposed to
geocities.com is level of trust.
Ken A.
Pacific.Net
It is not possible to ensure the
> integrity of a system over time, only at a point in time to the dregree
> the server was audited to.
>
> Thanks,
>
> Ron DuFresne
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2007-02-08 19:04 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-07 17:23 a whitelist for outgoing syn port 80, 443 traffic for hosting Ken A
2007-02-07 18:40 ` franck
2007-02-07 19:05 ` Grant Taylor
2007-02-07 19:09 ` Ken A
2007-02-07 20:24 ` franck
2007-02-08 18:15 ` R. DuFresne
2007-02-08 19:04 ` Ken A
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.