[Dshield] Firewall/Spam defense

Father Peter Darin BDarin at tanaya.net
Tue Oct 21 08:17:21 GMT 2003


In lieu of the recent RBL issues, I've recently started a research project 
on controlling spam via the firewall.  My research involves finding DHCP or 
dial-up IP addresses and blocking them for a period of time if the IP 
registers a connect on port 25. 

As the IP address is seen in recurrence, the block out time increases.  I've 
had about a 35% success ratio.  The ratio increases as my users continue to 
identify spam. 

With the RBLs, at best we achieved about 10% efficiency and 5% loss of 
legitimate mail. 

My questions are as follows: 

1.  Is there a definitive way to get a list of dynamic IP blocks? 

2.  I am interested in any opinions of this research. 

I am looking to improve my tactics in identifying dynamic IP addresses and 
also to determine the long term viability of the project. 

To date, I have determined 1.5 million dynamic addresses. 

Thank you in advance. 

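The escalating block described in this message can be sketched as follows. This is an added example, not the poster's code: the doubling schedule, base time, cap, class and function names, and the sample dynamic ranges (documentation networks) are all assumptions.

```python
import ipaddress

# Assumed values, not from the post. Ranges are documentation networks (constructed).
DYNAMIC_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
BASE_BLOCK = 600        # seconds blocked on the first port-25 connect
MAX_BLOCK = 7 * 86400   # cap, so a reassigned dynamic address is eventually released


class EscalatingBlocker:
    def __init__(self):
        self.strikes = {}        # ip -> number of blocks issued so far
        self.blocked_until = {}  # ip -> time (seconds) at which the block expires

    def is_dynamic(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in DYNAMIC_NETS)

    def on_smtp_connect(self, ip, now):
        """Decide what to do with a connect to port 25 seen at time `now`."""
        if not self.is_dynamic(ip):
            return "allow"       # static or unknown ranges are left to other filters
        if now < self.blocked_until.get(ip, 0):
            return "drop"        # inside an active block: no new strike is counted
        n = self.strikes.get(ip, 0)
        duration = min(BASE_BLOCK * 2 ** n, MAX_BLOCK)  # block time grows on recurrence
        self.strikes[ip] = n + 1
        self.blocked_until[ip] = now + duration
        return "block"

    def block_seconds(self, ip, now):
        return max(0, self.blocked_until.get(ip, 0) - now)


def replay(events):
    """Run (time, ip) events through a fresh blocker; return (ip, action, seconds left)."""
    fw = EscalatingBlocker()
    return [(ip, fw.on_smtp_connect(ip, t), fw.block_seconds(ip, t)) for t, ip in events]


# Constructed sample: one dynamic address returning three times, one static address.
SAMPLE_EVENTS = [
    (0, "192.0.2.10"), (60, "192.0.2.10"), (100, "203.0.113.5"),
    (700, "192.0.2.10"), (2000, "192.0.2.10"),
]

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(row)
```

The cap matters because dynamic addresses change hands: without it, a later holder of the same address inherits an ever-growing block.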