Is there any that a very simple "firewall" or local blocking list
could be added to protect from smtp probes?
For example, if a lot of probing comes from a certain IP, a sysop could manually add it to a 'deny' list which would not allow delivery of
mail or attempts to deliver mail trying to verify valid email
accounts which are later found on the newest "29 million e-marketing addresses for $149.99" CD's. (they don't pay me for letting them steal
the addresses)
The list could updated at the admins discretion if the issues are
resolved.
I know there are firewalls and routers to do this, but something simple
to stop or at least slow down this activity from known abusers via a
local list could be MOST helpful.
The rbl built-in capabilites work great, but as many of us know these
lists are not perfect and often either overkill or very short of hitting
the target.
This would help stop the harvesting of email addresses via wcsmtp.
Right now I could use something like this, have been getting killed with 24/7 dictionary probes. I don't mind the oversized log files as much as
the fact that since 11/01/2002, 6 of our accounts were verified this
way and 2 of those started getting spam yesterday.
Reporting the network abuse to ISP's is both labor intense and many
times as effective as pounding sand up one's butt.
The spamrbl works great IF the ip's are listed, and getting them listed seems to be a lot like hunting for bigfoot or the loc ness monster, and
as sometimes known good ip's are listed and blocked ONLY because the are part of a netblock/dialup pool and not as a separate IP.
I don't really want to go through the hassle of learning firewalls right
now and the machine resources overhead, and can't justify the expense of good hardware.
Thoughts or ideas?
--
Dave
I use Sygate Personal Firewall (free for personal use) and it can
block IP and or ports.
Ken
On 12/1/02 5:40 PM, DAVE GOURD wrote to HECTOR SANTOS:
Is there any that a very simple "firewall" or local blocking list
could be added to protect from smtp probes?
For example, if a lot of probing comes from a certain IP, a sysop manually add it to a 'deny' list which would not allow delivery of
mail or attempts to deliver mail trying to verify valid email
accounts which are later found on the newest "29 million e-marketing addresses for $149.99" CD's. (they don't pay me for letting them s
the addresses)
The list could updated at the admins discretion if the issues are resolved.
I know there are firewalls and routers to do this, but something s
to stop or at least slow down this activity from known abusers via a local list could be MOST helpful.
The rbl built-in capabilites work great, but as many of us know these lists are not perfect and often either overkill or very short of h
the target.
This would help stop the harvesting of email addresses via wcsmtp.
Right now I could use something like this, have been getting kille
24/7 dictionary probes. I don't mind the oversized log files as mu
the fact that since 11/01/2002, 6 of our accounts were verified this
way and 2 of those started getting spam yesterday.
Reporting the network abuse to ISP's is both labor intense and many
times as effective as pounding sand up one's butt.
The spamrbl works great IF the ip's are listed, and getting them l
seems to be a lot like hunting for bigfoot or the loc ness monster
as sometimes known good ip's are listed and blocked ONLY because t
part of a netblock/dialup pool and not as a separate IP.
I don't really want to go through the hassle of learning firewalls
now and the machine resources overhead, and can't justify the expe
good hardware.
Thoughts or ideas?
--
Dave
Sysop: | digital man |
---|---|
Location: | Riverside County, California |
Users: | 1,037 |
Nodes: | 15 (0 / 15) |
Uptime: | 49:11:10 |
Calls: | 8 |
Calls today: | 8 |
Files: | 95,181 |
D/L today: |
14,024 files (1,870M bytes) |
Messages: | 465,437 |