> On Sep 20, 2016, at 8:13 AM, RW <rwmailli...@googlemail.com> wrote:
> On Tue, 20 Sep 2016 14:34:02 +0000
> Shawn Bakhtiar wrote:
>> If you are strictly looking to block by IP addresses this is a far
>> better task left to the firewall, and configured by networks not
>> individual IP addresses.
> It shouldn't really be about blocking, it's about biasing the score.
I humbly disagree....
I find it interesting that most ISP's will block incoming connections like port
80 so home users can't run their own web servers, effectively forcing them to
use providers for services "in the name of security" but when it comes to
outgoing connection they take no measures what so ever.
Mind you, I'm not taking about blocking HTTP or DNS. I simply block them on the
SMTP gateway (kernel level firewall), this reduces directed spearfishing by a
lot when I catch it early enough. Of course it usually means getting into the
office at 5 AM and waddling through the honeypot email address to see where the
next attack is coming from. :P