On Sun, 18 Aug 2013, Len Conrad wrote:
Came up with a cool trick that seems to be working well after running for
several months.
I do the same by harvesting the IPs that fail SMTP AUTH a number of
times, and then if more than a number of IPs in a ClassC, I block the
entire ClassC.
I do the same with postscreen/pregreet IPs and ClassC.
Have you considered TCP Tarpitting instead of just blocking them?
Blocking them doesn't actually *punish* them. Getting their MTAs *stuck*
for hours or days does.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The Constitution is a written instrument. As such its meaning does
not alter. That which it meant when adopted, it means now.
-- U.S. Supreme Court
SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905)
-----------------------------------------------------------------------
5 days until the 1934th anniversary of the destruction of Pompeii
