I use address *ranges*, i.e. something like

211.32.0.0-211.71.255.255

This will block 50 Class B's (each Class B has about 65,000 IP addresses).

Over time, I have compiled lists of ranges that I can count on to be 1) likely spam/relay sources, and 2) unlikely to ever have a legit need to send us mail. (The one I mention above is mostly the Korea Network Information Center.) It takes some research, and a lot of look-ups at ARIN, APNIC, and RIPE, but it sure has helped us.

Note that I *only* block port 25 - I do not want to interfere with http or DNS traffic. (I act as a small ISP.)

I am also NOT advocating this for everyone - I'm just describing a process and its results. ;-)

>Thank you, but how do you block at the firewall when they are all
>coming from different ISP addresses? You have to enter each one
>individually right? One person has gotten over 90 in one week, that
>will certainly be time consuming, but they may try it anyway as it
>has been a real headache. Wouldn't it be easier for the ISP to block
>before the mail is sent out to all their customers? Thanks, Have a
>great day, Heidi
>
>
>----- Original Message -----
>From: jeffrey
>Sent: Wednesday, May 22, 2002 7:01 AM
>To: crime@private
>Subject: Re: CRIME Korean spam & Klez
>
>Though perhaps draconian, I have had great success with blocking most
>of the Chinese and Korean IP space at a firewall (just port 25). Yes,
>I get a lot of log entries and, yes, there is a chance I may block a
>legit email (someday), but it has reduced that source to the merest
>trickle....
>
>Most viruses come in as attachments. Most attachments come in with a
>.xxx suffix that can be filtered at the mail server level. I haven't
>accepted a .com, .vbs, .shr, etc. file via email in a long time,
>because of the probability of it being a virus.
>
>
>
>>I know of several people who have been having a big problem with
>>receiving Korean Spam e-mails. One in particular, receives eight
>>plus Korean spam mails per day. This has greatly disrupted their
>>business. The information has been sent to the Korean War Project,
>>see link below. If you are having any trouble with the Korean spam
>>the links below will provide you with more information.
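
The range-based, port-25-only block described in the message above, sketched as an added example that is not part of the original thread: it collapses an inclusive address range into CIDR blocks and emits one drop rule per block. The iptables rule format, the `FORWARD` chain and the function names are assumptions; the thread does not say which firewall was used.

```python
import ipaddress

# The range quoted in the message; further ranges would be listed the same way.
BLOCKED_RANGES = [("211.32.0.0", "211.71.255.255")]
SMTP_PORT = 25


def range_to_cidrs(first, last):
    """Collapse an inclusive first-last range into the fewest CIDR blocks."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range is reversed: {first}-{last}")
    return list(ipaddress.summarize_address_range(lo, hi))


def build_rules(ranges, chain="FORWARD"):
    """Return iptables commands (assumed firewall) dropping only TCP/25."""
    cidrs = []
    for first, last in ranges:
        cidrs.extend(range_to_cidrs(first, last))
    # Merge blocks that overlap or sit next to each other across ranges,
    # so the rule list stays short as the compiled list grows.
    merged = ipaddress.collapse_addresses(cidrs)
    return [
        f"iptables -A {chain} -p tcp -s {net} --dport {SMTP_PORT} -j DROP"
        for net in merged
    ]


def is_blocked(src, dport, ranges):
    """Mirror the rule logic: source inside a range AND destination port 25."""
    addr = ipaddress.IPv4Address(src)
    in_range = any(
        ipaddress.IPv4Address(a) <= addr <= ipaddress.IPv4Address(b)
        for a, b in ranges
    )
    return in_range and dport == SMTP_PORT


if __name__ == "__main__":
    for rule in build_rules(BLOCKED_RANGES):
        print(rule)
```

Because the rules match on destination port 25 only, HTTP and DNS traffic from the same ranges is untouched, which `is_blocked` lets you check before loading a new range.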
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:30 PDT