Title: Message
|
Basically a "Trusted" RBL list of hosts known to
be used in dictionary attacks. As with the trouble of all RBLs it's only as
good as long as it's updated and that includes removals. Blanket bans of entire
blocks may be feasible for small business, but anyone that is hosting lots of
users is bound to catch some email that some customer is going
to think is critical to their existence on earth.
I'm talking about creating a
list of narrowed ranges that conduct dictionary attacks.
Chuck
Schick wrote:
If
you are talking about blocking entire class A's, I would not recommend
it. The 24.0.0.0/8 contains a lot of comcast IPs so if you have
customers that use a comcast connection you could block them. The
other IPs you mention are allocated to non north american backbones - you
mileage may vary on blocking those. We have a lot of clients doing
business overseas so we have to be very careful who we block. I know
other hosts who block all of Korea, china, etc. without a
problem.
Now
that this is working as it should be I'm noticing that there are IP blocks
that start with 24, 61, 200, 211, and 222. Would it be worthwhile to
simply block everything from such a range? I don't know where they
originate from but it seems that if we shared such a list we could
effectively block many dictionary attacks. Thoughts?
|
- RE: [IMail Forum] control access list Chris Moody
-
