[Dshield] Firewall/Spam defense
Father Peter Darin
BDarin at tanaya.net
Tue Oct 21 08:17:21 GMT 2003
In lieu of the recent RBL issues, I've recently started a research project
on controlling spam via the firewall. My research involves finding DHCP or
dial-up ip addresses and blocking the for a period of time if the ip
registers a connect on port 25.
As the ip address is seen in recurrence, the block out time increses. I've
had about a 35% seccuss ratio. The ratio increases as my users continue to
With the RBL's, at best we achieved about 10% effeciency and 5% loss of
My questions are as follows:
1. Is there a definitive way to get a list of dynamic IP blocks?
2. I am interested in any opinions of this research.
I am looking to improve my tactics in identifing dynamic IP addresses and
also to determine the long term viability of the project.
To date, I have determined 1.5 million dynamic addresses.
Thank you in advance.
--- [ tanaya.net/Exim/Antiviral ] ---
This message has been scanned with ClamScan, Inoculate, RAV and
H+BEDV AntiVir antivirus software and has been determined to be
More information about the list