What do people think about implementing this in a firewall?
http://www.spews.org/packetreject.html

The Anonymous Engineer Presents: Spews, Bourne in 3

    for IP in `lynx -dump -width=1000 http://www.spews.org/spews_list_level1.txt | \
    grep -v "#" | sed 's/ .*$//gi'`; do
    /sbin/ipchains -A input -p all -s $IP -d 0/0 -b -j REJECT; done

Could be adapted to use iptables too.

    iptables -t filter -A INPUT -p all -s $IP -d 0/0 -j DROP

If you already have a logged drop table, swap DROP for the name of the table, e.g. logdeny

From the FAQ:

Why does SPEWS have two levels of listings? What is Level 1?

A21: SPEWS publishes two lists. The majority of the Level 1 list is made up of netblocks owned by the spammers or spam support operations themselves, with few or no other legitimate customers detected. We don't even try and educate these types as any past attempts at education have failed. If a known spammer buys a new netblock but hasn't started spamming from it yet, it is still eligible to be listed here. If used, this list should have close to zero inadvertent blocking.

Q22: What is Level 2?

A22: This includes all of Level 1, plus anyone who is spam-friendly, supporting spammers, or highly suspicious, but not blatant enough to be included in the Level 1 list yet. If it becomes obvious that someone at Level 2 has become a real problem, they will be escalated to Level 1 after some attempt at education. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses listed), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two tiered list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is.

===================================

Filtering TCP/IP packets using any blocklisting data is considered a bit controversial by some, in fact, very few SPEWS users implement this level of rejection. The reason being, when traffic is denied at the packet level, the listed site being rejected is unaware this is occurring and sees the lack of a connection as "network trouble." Unlike the bouncing back of an email with a message from a mailserver's spam filter system, there is no feedback to the listed site as to the reason for this trouble.

=======================================

The only drawback I can see is a delay fetching the updated list via lynx and increased log activity. That and the (small) chance that someone is innocently caught in Level 1.

I already use SpamAssassin for all email and with several months of constant use, (and checking the trash each day), I haven't found any emails tagged as spam that I actually wanted to read. To catch the remainder, I was wondering about a more severe approach.

The DNS lookup filtering looks far more awkward to set up.
http://www.spews.org/filter.html

-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
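
Added example, not part of the original post or the SPEWS page: a loader that checks each downloaded entry before it reaches the firewall and emits iptables-restore input for a dedicated chain. The chain name `spews`, the `MIN_PREFIX` policy and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate blocklist entries, then emit iptables-restore input.
MIN_PREFIX=8   # assumption: refuse anything broader than a /8 (e.g. 0.0.0.0/0)

# valid_cidr ENTRY: succeeds only for a.b.c.d or a.b.c.d/n within sane ranges.
valid_cidr() {
    case "$1" in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$addr
EOF
    [ -z "$extra" ] || return 1          # more than four octets
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# build_ruleset CHAIN TARGET < list: ruleset on stdout, skipped entries on stderr.
build_ruleset() {
    printf '*filter\n:%s - [0:0]\n' "$1"
    while read -r entry _rest || [ -n "$entry" ]; do
        case "$entry" in ''|'#'*) continue ;; esac   # blank and comment lines
        if valid_cidr "$entry"; then
            printf '%s %s -s %s -j %s\n' -A "$1" "$entry" "$2"
        else
            printf 'skipped: %s\n' "$entry" >&2
        fi
    done
    printf 'COMMIT\n'
}

# Constructed sample (documentation address ranges); the first field is the
# entry, matching what the sed in the quoted pipeline keeps.
sample_list() {
    cat <<'EOF'
# constructed sample list
192.0.2.0/24 example-netblock
198.51.100.17
0.0.0.0/0
203.0.113.999/24
-j ACCEPT
EOF
}
sample_list | build_ruleset spews REJECT
```

Piping the output into `iptables-restore --noflush` replaces only the named chain in one step, so the list can be refreshed without touching other rules; INPUT needs a single jump to that chain.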