
Spam ddos portscan Reduction

Discussion in 'General Discussion' started by dave9000, Feb 19, 2006.

  1. dave9000

    This is mainly for the ISPs and NOCs for use on the core routers and firewalls. I really don't know how well a firewall hosted on the production server will work with this rule set. But if someone wants to test it, please post back here with the results.

    http://www.spamhaus.org/drop/index.lasso
    http://www.spamhaus.org/drop/drop.lasso

    We implemented this rule set on our core firewall and our spam e-mails went to almost nothing. Also portscans and exploit attempts dropped to half.

    The list is updated daily and appears to be pretty accurate.

    We are dropping all traffic from these networks and it has not caused any issues at all.

    Also, Spamhaus is going to make this rule set available via BGP and AS# soon, so the core routers will be able to pick up changes in the list dynamically.
     
    #1 dave9000, Feb 19, 2006
    Last edited: Feb 19, 2006
  2. chirpy

    It should work well on a software (iptables) firewall since they're using CIDRs and the list is relatively small - interesting. Won't work directly with APF but a simple formatting script should do it.
     
  3. chirpy

    In fact, you can use it directly in APF, though APF will bitch and moan about the stuff after ;, but it still works:

    Code:
    GD_URL="www.spamhaus.org/drop/drop.lasso"        # glob_deny.rules url (no *://)       
    GD_URL_PROT="http"                           # protocol for use with wget
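
The "simple formatting script" mentioned in this thread, as an added example (not code from either poster, APF or Spamhaus): it strips the `; SBL...` suffix that APF complains about and rejects malformed, over-broad or protected entries before a list fetched over plain HTTP reaches a firewall. The sample list, `MIN_PREFIX` and `PROTECTED` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the DROP layout; documentation ranges, not real entries.
SAMPLE = """\
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL00001
198.51.100.0/25 ; SBL00002

203.0.113.7/24 ; SBL00003
0.0.0.0/0 ; SBL00004
10.0.0.0/8 ; SBL00005
not-a-network ; SBL00006
192.0.2.0/24 ; SBL00001
"""

MIN_PREFIX = 8  # assumption: never accept a block broader than a /8
# Assumption: ranges that must never be dropped; add your own management networks.
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_drop(text):
    """Return (accepted networks, [(line number, reason), ...] for rejects)."""
    accepted, rejected = [], []
    for num, raw in enumerate(text.splitlines(), 1):
        entry = raw.split(";", 1)[0].strip()  # discard the "; SBLnnn" part
        if not entry:
            continue  # blank or comment-only line
        try:
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:  # bad syntax, bad mask, or host bits set
            rejected.append((num, "invalid CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((num, "too broad"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((num, "overlaps protected range"))
        elif net not in accepted:  # skip duplicates
            accepted.append(net)
    return accepted, rejected

def to_deny_list(networks):
    """One bare CIDR per line, ready for a deny file or a rule loop."""
    return "".join(f"{net}\n" for net in networks)

if __name__ == "__main__":
    nets, bad = parse_drop(SAMPLE)
    print(to_deny_list(nets), end="")
    print("\n".join(f"# skipped line {n}: {why}" for n, why in bad))
```

If the reject list is non-empty on a real fetch, keep the previously loaded rules rather than applying a partial list.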
    
     