[Dshield] Blocking Country Access

Scott Melnick duckie37 at gmail.com
Fri Feb 23 05:20:09 GMT 2007

Oh I hear you there. While my company does an extremely large amount
of email traffic and does business in the USA only; I chose to do
both. I stick Access Lists on my Border routers with the top 10 spam
countries (except the US of course) and it lightens the load on my
RBL/Antivirus processes and puts a bit of CPU on my border routers
which can handle it.

But this model works for me. It might not work for everyone. I'm not
interested in being a spam trap unfortunately. To each his own eh?

Scott Melnick

On 2/22/07, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:
> On Wed, 21 Feb 2007 20:18:37 MST, Andrew Willy said:

> I'm not Tony, but I'll just comment that most performance curves for this
> sort of thing is usually not a smooth curve - it may work fine for 70 users,
> and require no additional hardware for 700, or 7,000, but it totally falls over
> if you try to put 70,000 people on it.  Doing RBL lookups for 4,000 messages
> a day is trivial - trying to do RBLs for 4 million msgs/day without getting
> totally killed by the additional latency is a major challenge.  And I can't
> tell you where the curve bends, because it's highly site dependent (on things
> like network topology, the RBLs in use, and even what order you check the RBLs
> in...)
> Actually, this would be *trivial* to do, except we have users that want the
> million or so *legitimate* messages we handle a day to be delivered in a timely
> fashion as well.  Damned users - always being the monkey wrench in the design. ;)
> _________________________________________
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)

More information about the list mailing list