06 Jul 15 11:07, you wrote to MATT BEDYNEK:

 MB>> It is like fishing.  Cast a line in the water and eventually you get
 MB>> a bite. For these dictionaries are used to crack passwords.  The only
 MB>> guessing is in username.  Believe it or not these work quite well
 MB>> when the work is distribu among hundreds of compromised zombie hosts.
 MB>> If you can change your pop ser port it is recommended to close that
 MB>> hole entirely.

 DS> With VADV32, I've blocked all email IP's, except the incoming ones
 DS> from my email server. If they repeatedly try to crash the deal here,
 DS> it ends up in the cached IP file (which then refuses the connection
 DS> entirely), or I'll put it in the blocked IP address...same result.

the thing i never liked about doing that is that it leaves the server to
deal with the rejections instead of serving answers to requests... one can
be DDoSed by simply having rafts and rats of blocked IPs hitting all at
once for a sustained period... i prefer a dedicated protection system for
that purpose... then there's the thing about dynamic IPs being in the block
lists... most of those are from compromised machines that get cleaned up
and/or get a new IP... when that happens, the old blocked IP is taking up
room and shouldn't be in the list any more since it is no longer
dangerous...

the system i use blocks only known attacks and for a limited random time
limit after which the IP is removed from the block list... as long as the
attacking IP tries to connect, the blocking limit is extended... the only
way out is for them to move on to another system and let the blocking
period elapse... that allows them to connect normally again and if they
start another attack, they are blocked again... the system works very well
and i do not end up with thousands of blocked IPs to try to manage
manually... my blocking system is currently managing an average of 300
blocked IPs instead of thousands upon thousands... since it is also
automated, i'm not burdened with having to maintain the lists of IPs... i
tried that one time before implementing my current system and found myself
spending 10 - 12 hours a day doing nothing but IP management and not
getting anything else done at all...

)\/(ark

... We all know you're a masticator.
---