On 12/04/2019 17:01, Mike Bird wrote:
> On Fri April 12 2019 08:41:10 Michael Howard via trinity-users wrote:
>> Of course it's possible to block millions, if you have their IPs. It
>> wouldn't be efficient but then 'millions' are not brute force attacking
>> my, or your, or deloptes' system at any one time. If they were, it would
>> be pointless anyway. The point is, if you have a regularly updated list
>> of known spam IPs, which we do, and you use a decent firewall, which I
>> do, you can prevent a huge amount of brute force attacks by just
>> dropping the connection.
>
> I'm unclear what you're referring to as your "regularly updated list".
> Is this SYN rate limiting or fail2ban or a manually maintained list
> or something else?

I'm referring to 'block' lists, as provided by spamhaus.org and
dshield.org for example, which are made available to everybody and can
be downloaded as frequently as one likes/needs.

As an added barrier, I also have my own list of blocked IPs. These are
IPs which are not on the above lists that repeatedly connect, trying
different username/password combinations in succession. This list is not
permanent because as you say, they could well be infected slaves.
--
Mike Howard
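
The two lists described in the message above, sketched as an added example that is not part of the original thread or any poster's own setup: a downloaded feed is validated before it reaches the firewall, and locally observed offenders get an expiry. It assumes ipset as the firewall backend, a feed in the "CIDR ; reference" text layout, and hypothetical set names `blocklist` and `local_block`; the sample feed is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample in a "CIDR ; reference" layout; the addresses are
# documentation ranges and the references are made up, not real listings.
SAMPLE_FEED = """\
; Constructed sample feed
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
0.0.0.0/0 ; SBL000004
not-a-network ; SBL000005
"""

def parse_feed(text, min_prefix=8):
    """Return collapsed IPv4 networks from a 'CIDR ; comment' feed.

    Lines that do not parse, and networks broader than min_prefix, are
    skipped so a corrupt or tampered download cannot block most of the
    internet (or the administrator's own access).
    """
    nets = []
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed entry
        if net.version == 4 and net.prefixlen >= min_prefix:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore(nets, local_ips, name="blocklist", local="local_block", ttl=86400):
    """Build `ipset restore` input: the feed set is filled under a temporary
    name and swapped in atomically; local offenders expire after ttl seconds."""
    tmp = name + "_new"
    out = [f"create {name} hash:net family inet",
           f"create {tmp} hash:net family inet",
           f"flush {tmp}"]
    out += [f"add {tmp} {n}" for n in nets]
    out += [f"swap {tmp} {name}", f"destroy {tmp}",
            f"create {local} hash:ip family inet timeout {ttl}"]
    out += [f"add {local} {ipaddress.ip_address(ip)} timeout {ttl}"
            for ip in local_ips]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(ipset_restore(parse_feed(SAMPLE_FEED), ["203.0.113.7"]), end="")
```

The output is meant to be piped to `ipset -exist restore`, so that re-creating an existing set is not an error, with firewall rules that drop traffic matching the two sets assumed to be in place already.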