Randy Ramsdell put forth on 3/8/2011 3:57 PM:
> Stan Hoeppner wrote:

>> FYI, the PBL isn't limited to dynamic listings.  Many corporations add
>> their unused IP space to the PBL, along with other IPs within their
>> netblocks that shouldn't be sending direct mail.  They do this as part
>> of a multi-layered approach to network security, in addition to egress
>> filtering at the edge firewalls.  One errant mouse click by an
>> apprentice/junior SA can accidentally disable an egress filter, as can a
>> botched firmware update on a firewall or router, etc, etc.  If, when
>> such a thing occurs, you already have an internal spambot outbreak that
>> the firewalls/routers were containing...
>>
>> I would have never considered this until one day the chief of network
>> security at Nortel informed me they do precisely what I described above.
>>
>> Dorothy, you're not in Kansas anymore.
>>
> 
> If the firewall is blocking an outbreak of spam bots from sending mail
> to the outside, why did they not know and fix this? I mean is it so bad
> that the whole network team can't contain it? And then someone botched
> the firewall which allowed the spam to be sent? Nortel hmmm.

Randy, you misread what I posted.  Or maybe I didn't state things
clearly.  There were two separate things here.  My 1st paragraph above
describes why companies list some of their IP space in the PBL, and
describes one hypothetical scenario which makes doing so useful.  I
didn't understand the scenario.  That "..." means you, the reader, are
supposed to imagine the rest of the outcome.  I think my prose threw you
off, and caused you to reverse cause and effect.

The 2nd paragraph simply states that I first learned of this use of the
PBL by the chief of network security at Nortel, and that Nortel lists
some of their netspace on the PBL.  The hypothetical scenario did _not_
occur at Nortel.

-- 
Stan