[Dshield] Spamhouse now listing exploited IPs in new

Jeff Kell jeff-kell at utc.edu
Wed Jan 14 22:30:48 GMT 2004


Brad Spencer wrote:

>> (*) what about dynamic IPs?
>>    this was menitioned before. It looks like they keep IPs in their list
>> for 6 months. ..
> 
> 
> Possibly too long.  More below.

I agree 100%.  I have a script that converts the SBL and SPEWS listings 
into a Cisco ACL and we ignore them completely.  If they are going to 
list open proxies, it had better be a very short interval (I update 2-3 
times a week).  We use DNSBLs too, but the ACL approach is to deny them 
completely before they get started.

Jeff




More information about the list mailing list