[Dshield] IP ADDRESSES

John Hardin johnh at aproposretail.com
Fri Dec 5 00:01:29 GMT 2003


On Thu, 2003-12-04 at 13:37, Rick Klinge wrote:
> John,
> 
> Yes you are correct.. I've blocked class A's 61.0.0.0 and 219.0.0.0 MTA's
> from sending mail to us.  A rough estimate is that it is blocking about 65%
> of spam, porn, and hacker/trojan activities. 

Our "rejected spams" graph is at
http://boundary.aproposretail.com/~jhardin/spams.html

> Is there a way I could integrate the blackholes.us list into
> an automated filter of some sort?  Any platform.. don't matter.

Blocking it at the application level in email is easy. See the
documentation for using RBLs with whatever your MTA is, then point your
MTA at whichever of the lists you deem appropriate.

Blocking it at the network level in a firewall is more difficult. You
definitely don't want to do a DNS lookup as part of your firewalling...

I don't know if the blackholes.us lists are "consolidated" or not. You'd
certainly want to consolidate them into netblocks before basing firewall
rules on them.

Does anybody know if there is a tool that will take a list of IP
addresses and consolidate them into netblocks? If that was available,
you could do something like:

1) download the blackholes zone files (all of the IPs)
2) consolidate them into netblocks
3) write firewall rules to block those netblocks

This'd be pretty easy to automate and schedule on a regular (weekly?)
basis.

--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
-----------------------------------------------------------------------
 13 days until The Return of the King
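
The consolidation step asked about above, as an added example that is not part of the original message: Python's standard `ipaddress` module merges an address list into netblocks. The input format (one IPv4 address or CIDR per line, `#` comments), the sample data, the function names and the choice of iptables for step 3 are assumptions.

```python
import ipaddress

# Constructed sample input (documentation ranges), one address or CIDR per line.
SAMPLE_LIST = """\
# constructed sample, not real blocklist data
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.3
198.51.100.0/25
198.51.100.128/25
203.0.113.7
not-an-ip
"""

def parse_entries(text):
    """Return (networks, rejected_lines) from a one-entry-per-line list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False tolerates host bits set, e.g. 10.1.2.3/8 -> 10.0.0.0/8
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(line)  # keep for review instead of failing the run
    return nets, rejected

def consolidate(nets):
    """Merge duplicate, overlapping and adjacent networks into sorted netblocks."""
    return list(ipaddress.collapse_addresses(nets))

def firewall_rules(blocks, chain="INPUT"):
    """Render one iptables DROP rule per consolidated netblock (assumed firewall)."""
    return [f"iptables -A {chain} -s {b} -j DROP" for b in blocks]

if __name__ == "__main__":
    nets, rejected = parse_entries(SAMPLE_LIST)
    for rule in firewall_rules(consolidate(nets)):
        print(rule)
    for bad in rejected:
        print(f"# skipped unparseable entry: {bad}")
```

Review the rejected entries and the resulting netblock sizes before loading the rules, since a malformed or overly broad list entry would otherwise become a firewall block.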