Re: a whitelist for outgoing syn port 80, 443 traffic for hosting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 7 Feb 2007, franck wrote:

Ken A wrote:
Is anyone aware of a whitelist of hostnames of port 80,443 OUTGOING
traffic that should be considered 'normal' in a hosting environment?
ie: SYN traffic to ups.com, authorize.net, technorati, for ecommerce,
blogging, etc..

Categorizing traffic as good/bad is useful in this day of many php
remote file include bugs.

Thanks,

Maybe this is what you are looking for :

http://someonewhocares.org/hosts/zero/

Thanks, but I'm looking for a whitelist for a fairly wide range of web
applications, not a blacklist. There are plenty of good blacklists out
there. surbl.org, uribl.com, etc. :-)
Ken


As a matter of fact, I thought something you can put in a blacklist
could be useful, because it cannot be in the whitelist you are looking
for. But, thinking about it again, it is quite clear I would prefer a
small whitelist rather than a very huge blacklist.



Would this not require that one be able to conclude that such a "whitelist" ensures that the hosts in it are "secure", have never been compromised, and never will be compromised? If this is what is sought, such a list would be impossible to build. It is not possible to ensure the integrity of a system over time, only at a point in time to the degree the server was audited to.

Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFy2jgst+vzJSwZikRArgyAJ0blUDEGgoTI6vGNoyotjWtYP13ZwCg3RTQ
i0D6I67rY0LBwLmpl5D3JpU=
=YnJ0
-----END PGP SIGNATURE-----

