funsec mailing list archives
Re: 95% of User Generated Content is spam or malicious
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Mon, 15 Feb 2010 09:28:08 -0800
DROP and Country blocks are part, but only part, of the ThreatSTOP feeds. If you're not using Bogons, DShield, Shadowserver, and the SRI MTC, you're missing the recon bots, new malware drive-by seeds, and the C&Cs. We've got those, and more, including some of our own developed using cross-correlation and user log submission. ThreatSTOP is pretty much about aggregating the best practices blocks such as you have listed, and constantly tracking which ones stay current, and making them easy to use and dynamically updated across multiple platforms. Sounds like you're doing what I was doing when I came up with the underlying idea, and was having to write a new script for each new type of firewall or new list I wanted to use, and said "There has to be a better way", looked for one, didn't find it, and so decided to build it! Stay safe!
-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rich Kulawiec
Sent: Monday, February 15, 2010 8:46 AM
To: funsec () linuxbox org
Subject: Re: [funsec] 95% of User Generated Content is spam or malicious

On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
> Threatstop users running the default TS blocklists on their firewalls
> before the anti-spam systems see, typically, 15% to 25% reduction in
> average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of
> what it is without ThreatSTOP.

<chuckle> I'm waaaay past that. I've cut down the number of incoming connections by about 90% via judicious use of the DROP list, country blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections are blocked except those originating in North America (less those on the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes progressively less sense to spend ever-increasing resources to sustain it.

But judicious study of inbound/outbound mail traffic is very necessary before trying something like this. (Then again: how could any postmaster possibly know how well they're doing unless they measure it? Sadly, very, very few actually do.)

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
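Added example (not part of either poster's message, and not ThreatSTOP code): a dry run of the default-deny SMTP policy described in the quoted message, evaluated against a connection log before any firewall rule is changed, so the reduction and the legitimate senders that would be lost are both measured. The networks are RFC 5737 documentation ranges standing in for the DROP list and the allowed region, and the log is constructed.

```python
import ipaddress
from collections import Counter

# Constructed placeholders (RFC 5737 documentation ranges), not real
# DROP-list entries or real regional allocations.
DROP = [ipaddress.ip_network("198.51.100.0/25")]
ALLOWED_REGION = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("192.0.2.0/24")]

# Constructed inbound SMTP sample: (source IP, known-legitimate sender?)
SAMPLE_LOG = [
    ("192.0.2.10", True),
    ("192.0.2.77", False),
    ("198.51.100.5", False),    # in the allowed region but DROP-listed
    ("198.51.100.200", True),
    ("203.0.113.9", False),
    ("203.0.113.40", False),
    ("203.0.113.41", True),     # legitimate sender outside the allowed region
    ("203.0.113.99", False),
]

def decide(ip_text):
    """Block-list match wins, then the regional allow, then default deny."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in DROP):
        return "drop:listed"
    if any(ip in net for net in ALLOWED_REGION):
        return "accept"
    return "drop:default-deny"

def measure(log):
    """Count verdicts and collect legitimate senders the policy would block."""
    verdicts = Counter()
    lost_legit = []
    for src, legit in log:
        verdict = decide(src)
        verdicts[verdict] += 1
        if legit and verdict != "accept":
            lost_legit.append(src)
    blocked = len(log) - verdicts["accept"]
    return {"total": len(log), "blocked": blocked,
            "reduction_pct": round(100 * blocked / len(log), 1),
            "verdicts": dict(verdicts), "lost_legit": lost_legit}

if __name__ == "__main__":
    print(measure(SAMPLE_LOG))
```

The `lost_legit` list is the part to review before enforcing: each entry is a sender that needs an explicit exception or an accepted loss.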