[Dshield] Spamhouse now listing exploited IPs in new
jeff-kell at utc.edu
Wed Jan 14 22:30:48 GMT 2004
Brad Spencer wrote:
>> (*) what about dynamic IPs?
>> this was menitioned before. It looks like they keep IPs in their list
>> for 6 months. ..
> Possibly too long. More below.
I agree 100%. I have a script that converts the SBL and SPEWS listings
into a Cisco ACL and we ignore them completely. If they are going to
list open proxies, it had better be a very short interval (I update 2-3
times a week). We use DNSBLs too, but the ACL approach is to deny them
completely before they get started.
More information about the list