> On Sep 20, 2016, at 8:13 AM, RW <rwmailli...@googlemail.com> wrote:
> On Tue, 20 Sep 2016 14:34:02 +0000
> Shawn Bakhtiar wrote:
>> If you are strictly looking to block by IP addresses this is a far
>> better task left to the firewall, and configured by networks not
>> individual IP addresses. 
> It shouldn't really be about blocking, it's about biasing the score. 

I humbly disagree....

I find it interesting that most ISP's will block incoming connections like port 
80 so home users can't run their own web servers, effectively forcing them to 
use providers for services "in the name of security" but when it comes to 
outgoing connection they take no measures what so ever.

Mind you, I'm not taking about blocking HTTP or DNS. I simply block them on the 
SMTP gateway (kernel level firewall), this reduces directed spearfishing by a 
lot when I catch it early enough. Of course it usually means getting into the 
office at 5 AM and waddling through the honeypot email address to see where the 
next attack is coming from. :P

Reply via email to