> On Sep 20, 2016, at 8:13 AM, RW <rwmailli...@googlemail.com> wrote:
>
> On Tue, 20 Sep 2016 14:34:02 +0000
> Shawn Bakhtiar wrote:
>
>> If you are strictly looking to block by IP addresses this is a far
>> better task left to the firewall, and configured by networks not
>> individual IP addresses.
>
> It shouldn't really be about blocking, it's about biasing the score.
>
I humbly disagree.... I find it interesting that most ISPs will block incoming connections like port 80 so home users can't run their own web servers, effectively forcing them to use providers for services "in the name of security", but when it comes to outgoing connections they take no measures whatsoever. Mind you, I'm not talking about blocking HTTP or DNS. I simply block them on the SMTP gateway (kernel level firewall); this reduces directed spear phishing by a lot when I catch it early enough. Of course it usually means getting into the office at 5 AM and waddling through the honeypot email address to see where the next attack is coming from. :P