use Perl

Log In

[ Create a new account ]

MGLEE (4392)

  (email not shown publicly)

If any of this makes any sense yes I probably am that person : anatomy, anat0010, AND, Banbury, bookstack, Bristol, Community, ebookers, Fitz, GDM, ghosts, IFSBM, mondus, naming company, ox.test, Oxford, Oxdigital, spam, statistics.

Journal of MGLEE (4392)

Thursday September 25, 2003, 07:52 AM

Distributed DNS blacklists # 2

[ #14902 ]

The best architecture I can think of is using the distributed nature of Usenet to disseminate incremental updates to DNS blacklists using some authenticated structured format. The most appropriate I can think of is signed XML.

This system allows users to access blacklist information anonymously and to create local (or regional) blacklist mirrors that are private to a local network (or ISP), or at the least not widely advertised. In any case, if one mirror is taken out, it doesn't affect any of the other mirrors.

The newsgroup would be moderated, with trusted blacklist maintainers each given a key with which to create an 'approved' header carrying their own stamp of trusted approval.

The obvious attacks are post flooding and cancel bots. The former can be defeated with an official cancel bot; the latter by a resurrection bot.

Signing the content of the posts allows users to determine whether they trust the assertion that the post content relates to the named blacklist, and to detect and reject attempts at poisoning the lists.

It's an imperfect solution, but it's a start. Ideas?
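To make the "signed structured update" part of this concrete, here is an added example (not code from the journal entry) of how a mirror would check one posted update before applying it. Everything in it is constructed for illustration: the update body is a small XML document carrying `<add>` and `<remove>` entries plus a `serial` attribute, the signature travels in a hypothetical `X-Blacklist-Signature` header of the post, and HMAC-SHA256 with a per-maintainer key stands in for the public-key signature the post proposes (with a real signature only the maintainer holds the signing key and mirrors hold the public half; the checks are the same). The serial check is what makes the updates incremental and stops an old, validly signed post from being re-injected.

```python
"""Added example: verify and apply a signed incremental blacklist update.

Not code from the original journal entry. Assumptions, all constructed:
XML body, signature in a post header, HMAC-SHA256 standing in for the
maintainer's public-key signature.
"""
import hmac
import hashlib
import xml.etree.ElementTree as ET

# Constructed: one key per blacklist the moderated group has approved.
MAINTAINER_KEYS = {
    "example-bl": b"constructed-key-do-not-reuse",
}

SIG_HEADER = "X-Blacklist-Signature"   # hypothetical header name


def sign_update(list_name, body):
    """Return the hex signature a maintainer attaches to a raw XML body.

    The raw bytes are signed rather than a parsed form, so a mirror never
    has to canonicalize XML; any byte changed in transit breaks the check.
    """
    return hmac.new(MAINTAINER_KEYS[list_name], body, hashlib.sha256).hexdigest()


def verify_and_apply(state, headers, body):
    """Check one post against local state and apply it if it is sound.

    state maps list name -> {"serial": int, "entries": set()}.
    Returns (accepted, reason). A rejected post leaves state untouched.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "malformed xml"
    if root.tag != "update":
        return False, "unexpected root element"
    list_name = root.get("list")
    key = MAINTAINER_KEYS.get(list_name)
    if key is None:
        return False, "unknown or unapproved list"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; a missing header compares as "".
    if not hmac.compare_digest(expected, headers.get(SIG_HEADER, "")):
        return False, "bad signature"          # forged or poisoned post
    try:
        serial = int(root.get("serial", ""))
    except ValueError:
        return False, "missing serial"
    current = state.setdefault(list_name, {"serial": 0, "entries": set()})
    if serial <= current["serial"]:
        return False, "stale or replayed serial"  # old post re-injected
    # Only now, after every check has passed, mutate the local mirror.
    for el in root:
        if el.tag == "add" and el.text:
            current["entries"].add(el.text.strip())
        elif el.tag == "remove" and el.text:
            current["entries"].discard(el.text.strip())
    current["serial"] = serial
    return True, "applied"


def make_post(list_name, serial, adds=(), removes=()):
    """Build the (headers, body) pair a maintainer would post."""
    root = ET.Element("update", list=list_name, serial=str(serial))
    for entry in adds:
        ET.SubElement(root, "add").text = entry
    for entry in removes:
        ET.SubElement(root, "remove").text = entry
    body = ET.tostring(root)
    return {SIG_HEADER: sign_update(list_name, body)}, body


if __name__ == "__main__":
    state = {}
    # Constructed sample entries from the RFC 5737 documentation ranges.
    hdrs, body = make_post("example-bl", 1, adds=["192.0.2.1", "198.51.100.0/24"])
    print(verify_and_apply(state, hdrs, body))
    tampered = body.replace(b"192.0.2.1", b"192.0.2.2")
    print(verify_and_apply(state, hdrs, tampered))   # signature no longer matches
    print(verify_and_apply(state, hdrs, body))       # same serial again: replay
    print(sorted(state["example-bl"]["entries"]))
```

Two design points worth noting: the signature covers the exact bytes of the body, which sidesteps XML canonicalization entirely, and the serial number is checked before anything is applied, so a mirror that receives posts out of order (as Usenet readily delivers them) never regresses to an older state.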

  • is a distributed version control system that includes trust metrics and some PKI that got me thinking. My idea is that you can think of collaborating on a blacklist as a project under version control, one in which you don't necessarily trust everyone else's patches.

    It's different from the blacklist-as-single-document-from-a-single-server design -- instead, consider a blacklist as comprising a baseline and a set of patches from multiple sources, some of whom you t