Using such a list of IP addresses from a major RBL is flawed at the
core of the idea.  Over 85% of those 3 million IP addresses are spoofed
in the first place.  Most are what would be called false positives.


Actually there are almost no false positives in the CBL.  The three
million addresses on the CBL really are all IP addresses that have
recently sent spam.  (I know the people who run it and I know how they
get the addresses.)

But I agree that it is a poor idea to try to use it in your router, if
for no other reason than that the CBL is updated every few minutes,
and by the time you stuffed it into your ip tables, it'd be out of date.

The CBL works great for mail servers to refuse mail that has a 99.9+%
chance of being spam.  Use it that way.

If you want to use it to block access to your ssh server, run it from inetd and put a shim in between to check the CBL. Unless you get a dozen legit SSH logins a minute, that's vastly faster than trying to rsync a rapidly changing three million record file.

R's,
John
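
A sketch of the inetd shim suggested in the message above, added here as an example and not part of the original post. It assumes the CBL is queried as a standard DNSBL under the zone `cbl.abuseat.org` (the post does not name the zone), that sshd lives at `/usr/sbin/sshd`, and that resolver failures should fail open; the install path in the comment is hypothetical.

```python
#!/usr/bin/env python3
"""inetd shim: look the peer up in a DNSBL, then hand the socket to sshd -i.

Hypothetical inetd.conf entry (install path is an assumption):
  ssh stream tcp nowait root /usr/local/sbin/cbl-shim cbl-shim
"""
import ipaddress
import os
import socket
import sys

ZONE = "cbl.abuseat.org"         # assumption: the CBL's DNS zone, not named in the post
SSHD = ["/usr/sbin/sshd", "-i"]  # -i tells sshd it was started from inetd


def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name (reversed octets + zone); None if not IPv4."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped          # ::ffff:a.b.c.d on a dual-stack socket
    if addr.version != 4:
        return None                      # this sketch only queries IPv4 peers
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip, zone=ZONE, resolve=socket.gethostbyname):
    """True only when the zone answers with a 127.0.0.0/8 address."""
    name = dnsbl_name(ip, zone)
    if name is None:
        return False
    try:
        answer = resolve(name)
    except OSError:
        # NXDOMAIN (not listed), timeout or resolver outage: fail open so a
        # DNS problem cannot lock every administrator out of ssh.
        return False
    return answer.startswith("127.")     # DNSBLs signal a listing with 127.x.y.z


def main():
    # inetd passes the accepted connection as fd 0; dup it so closing our
    # socket object leaves fd 0 intact for sshd.
    sock = socket.socket(fileno=os.dup(0))
    peer = sock.getpeername()[0]
    sock.close()
    if is_listed(peer):
        sys.exit(1)                      # exiting closes the connection
    os.execv(SSHD[0], SSHD)


if __name__ == "__main__":
    main()
```

Each connection costs one DNS query against live data, so nothing has to be synced into the packet filter.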

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions