On Sat, 2009-04-25 at 23:06 +0100, Ned Slider wrote:
> John Hardin wrote:
>
> > Igor, you might also want to implement greylisting, to give the URIBLs a
> > chance to list URIs that appear in these messages.
>
> Interesting concept - do you have any data to support the hypothesis?

Nope.

> I tried looking at this a while back, but it's difficult to collect
> qualitative data. I ran for a month with a short greylisting period (1
> min), and a month for 30 mins and 60 mins. I looked at hit rates against
> popular DNSRBLs to see if I could observe any increase in effectiveness
> from IPs being added during the increased greylisting periods.

Note I said "URIBLs". The URI domains will probably not change as quickly as the IP addresses from a botnet universe. I don't expect greylisting to have much if any benefit w/r/t DNSBLs.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79