Access denied and blockliss
If you are surfing the Internet, minding your own business, and receive an access denied message, you might understandably wonder why. As one Internet surfer discovered, he was trying to go to a legitimate web site to book a service in a country he was planning on visiting. Imagine his surprise when he see the image below in his web browser!
Hmm, whatever could that mean? If I were him I would try to contact Dshield. It is almost as though the company was using a blocklist or blocklist that this user had been placed on by attacking other people on the Internet. As SANS Internet Storm Center Handlers we have access to the Dshield database, and can query it. Our recommended block list is public and located here:
https://isc.sans.edu/block.txt
However the IP address of our web surfer is not on that list. A query of Dshield does result in some hits, in fact there are 9, all from the 11th of October for port 80. Not exactly an aggressive attacker hacking his way across the Internet. My guess would be clicking on invalid links where there used to be web servers, leading to reports of dropped traffic from that IP address.
What we know is that a certain vendor that shall remain nameless for the time being is making use of Dshield data incorrectly and inappropriately, and they should stop. If you recognize this error message you know who you are. If you make use of this vendors equipment or software be advised that whatever feature you have turned on is blocking completely innocent users trying to buy your services. It is not making you any more secure at all. I am not fond of blocklists or blocklists at all, and this misuse is not a particularly good idea.
Let's be careful out there!
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS Teaching Schedule
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago