On 12/04/2019 18:30, Mike Bird wrote:
On Fri April 12 2019 09:44:07 Michael Howard via trinity-users wrote:
I'm referring to 'block' lists, as provided by spamhaus.org and dshield.org for example, which are made available to everybody and can be downloaded as frequently as one likes/needs.
Spammers have rather different characteristics than the attackers attempting to hack systems and guess passwords.
As an added barrier, I also have my own list of blocked IPs. These are IPs which are not on the above lists that repeatedly connect, trying different username/password combinations in succession. This list is not permanent because as you say, they could well be infected slaves.
Infected PCs attempting to guess passwords and exploit bugs number in the millions, with thousands of changes every day.
What is needed is defense in depth including staying up to date on security patches, careful software configuration including firewalls, various forms of packet rate limiting, encryption, fail2ban, reverse DNS checks, SPF/DKIM, spam filters, and malware scanners.
Shakes head and gives up.