[Dshield] IP ADDRESSES

Rick Klinge rick at jaray.net
Thu Dec 4 21:37:11 GMT 2003


John,

Yes you are correct.. I've blocked class A's 61.0.0.0 and 219.0.0.0 MTA's
from sending mail to us.  A rough estimate is that it is blocking about 65%
of spam, porn, and hacker/trojan activities.  I'm seeing 'tons' of port 135,
7000, etc. scans/drops and have received 930579 echo / port 8 pings in the
last 5 hours.  Is there a way I could integrate the blackholes.us list into
an automated filter of some sort?  Any platform.. don't' matter.

~Rick

>
> On Thu, 2003-12-04 at 09:42, john beck wrote:
> > You can do that, but take the chance on missing out on good web
> sites (and
> > good information) from those subnets
> >
> > >On Tue, 2003-12-02 at 22:10, Rick Klinge wrote:
> > > > Does anyone know where I might obtain a list of all the
> china, japan,
> > > > malaysia, korea IP Assignments?  I figure If I can block
> ... I would
> > > > be able to eleminate about 90% of our spam and pornography
> > > > problems.
>
> Distinguish between blocking those IPs in the MTA and blocking them at
> the boundary. One only affects email, the other affects everything.
>
> It doesn't sound like Rick wanted to block them at the boundary, just at
> the MTA.
>
> I second the recommendation for www.blackholes.us
>
> --
> John Hardin  KA7OHZ
> Internal Systems Administrator                    voice: (425) 672-1304
> Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
> -----------------------------------------------------------------------
>   There is no problem that cannot be solved by the appropriate
>   application of high explosives.
> -----------------------------------------------------------------------
>  13 days until The Return of the King

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list