On Saturday 28 January 2006 19:11, Scott Ruckh wrote:> What is the functional purpose of blacklists? No need to post the URL to
> blacklists, because I have read it.
>
> Are blacklists just an aid to keep logs tidy? Is it more efficient to
> block source IPs using blacklists rather then by policy or rules?
My understanding is that Blacklisted IPs or IP ranges get dumped
real early, preventing you from having to deal with the packets
via any rules.
Its much easier to ad an IP or IP range in a blacklist file
than to write a rule.
Currently I have almost all of Korea blacklisted with respect
to port 25 to prevent spammers.
--
John Andersen - NORCOM
http://www.norcomsoftware.com/
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642