On Tue, Aug 30, 2016, at 15:22, Michael Peddemors wrote: > On 16-08-30 12:43 PM, Michael Wise via mailop wrote: > > We could use one to call out the location of colo servers that should never > > be connecting on port 443, for instance. > > Um, I can think of a reason why that might not be perfect.. For instance > cloud services which monitor your email box for you..
Or web servers that shouldn't ever be calling out on 443, at least, until we install a new gizmo that does and it doesn't work. Or my mail server, which should never call out on 443, except that now we use Cyren's spam/AV stuff, which does. Still, it would be nice if there was a way to identify what type of traffic/behaviour is expected of an IP, when a commercially run web server starts attacking, it would be nice to know I can safely block 443 whereas I can't do that if it's a carrier grade NAT outbound IP. Unfortunately I suspect maintaining such a list would be resource prohibitive, and/or the data would be too low quality to be useful. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
