Re: OT: sorbs blacklisting scam

To: debian-isp@lists.debian.org
Subject: Re: OT: sorbs blacklisting scam
From: Craig Sanders <cas@taz.net.au>
Date: Tue, 2 May 2006 14:16:22 +1000
Message-id: <[🔎] 20060502041622.GL12804@taz.net.au>
In-reply-to: <[🔎] 20060501120605.GI15886@verkkotelakka.net>
References: <20060430135728.GB18916@khazad-dum.debian.net> <20060430150631.GF15886@verkkotelakka.net> <1146412982.30002.6.camel@mgb.bullion.ims> <20060430174232.GG15886@verkkotelakka.net> <1146419993.30002.26.camel@mgb.bullion.ims> <20060430225656.GA6667@www.lobefin.net> <1146438976.31199.12.camel@mgb.bullion.ims> <20060501014937.GH15886@verkkotelakka.net> <1146453571.2628.10.camel@udev.yosemite.net> <[🔎] 20060501120605.GI15886@verkkotelakka.net>

On Mon, May 01, 2006 at 03:06:05PM +0300, Juha-Matti Tapio wrote:
> While we are on the topic of blacklists, can anyone point me to a
> blacklist of hosts performing ssh brute force attacks? I have been
> wondering if it would be effective to use such a list for email
> since those compromised hosts do seem to be used primarily for
> spamming. (Just having spent most of the night monitoring a Romanian
> spammer controlling his botnet.)

use a DUL (the SORBS DUL is good) and use greylisting - that will block
most spam from botnets (which are mostly on dynamic IP addresses, and
mostly don't have real MTAs so don't retry).

even a 10 or 20 second timeout for greylisting is worthwhile.  spambots
typically don't retry.

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to:

References:
- Re: OT: sorbs blacklisting scam
  - From: Juha-Matti Tapio <jmtapio@verkkotelakka.net>

Prev by Date: Re: OT: sorbs blacklisting scam
Next by Date: Re: Re: OT: sorbs blacklisting scam
Previous by thread: Re: OT: sorbs blacklisting scam
Next by thread: Re: Re: Re: OT: sorbs blacklisting scam
Index(es):
- Date
- Thread