12 Apr
2019
12 Apr
'19
7:29 p.m.
On 12/04/2019 18:30, Mike Bird wrote:
On Fri April 12 2019 09:44:07 Michael Howard via
trinity-users wrote:
Shakes head and gives up.
--
Mike Howard
I'm referring to 'block' lists, as
provided by spamhaus.org and
dshield.org for example, which are made available to everybody and can
be downloaded as frequently as one likes/needs.
Spammers have rather different
characteristics than the attackers
attempting to hack systems and guess passwords.
As an added barrier, I also have my own list of
blocked IPs. These are
IPs which are not on the above lists that repeatedly connect, trying
different username/password combinations in succession. This list is not
permanent because as you say, they could well be infected slaves.
Infected PCs
attempting to guess passwords and exploit bugs number
in the millions, with thousands of changes every day.
What is needed is defense in depth including staying up to date on
security patches, careful software configuration including firewalls,
various forms of packet rate limiting, encryption, fail2ban, reverse
DNS checks, SPF/DKIM, spam filters, and malware scanners.