> > Also take note that there are no "known-compromised hosts"
>
> What about hosts listed in RBLs?
> http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists. It
> would be interesting to see how much correlation there is
> between ssh brute forcing bots and the contents of the various lists.

Maybe http://wiki.duskglow.com/tiki-index.php?page=Packetbl "PacketBL is a program that uses DNS blocklists to determine whether to accept or reject packets"

Used with dnsbl.ahbl.org "Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers"

would be a good solution.
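
The correlation asked about in the quoted message can be measured from an sshd auth log. The sketch below is an added example, not part of the original thread and not PacketBL's code: it counts failed-password sources and checks each against a DNS blocklist using the standard reversed-octet query name. The zone `dnsbl.example.org`, the function names, and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket
from collections import Counter

# Constructed sshd log lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan 10 03:12:03 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Jan 10 03:12:09 host sshd[812]: Failed password for root from 198.51.100.7 port 51820 ssh2
Jan 10 03:13:00 host sshd[813]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2
Jan 10 03:13:05 host sshd[814]: Failed password for root from 192.0.2.10 port 40114 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def failed_sources(log_text):
    """Count failed password attempts per source IPv4 address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the address field
        if ip.version == 4:
            hits[str(ip)] += 1
    return hits

def dnsbl_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """A listed address resolves (usually into 127.0.0.0/8); a failed lookup means not listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False

def correlate(log_text, zone, lookup=dns_listed):
    """Return {ip: (failed_attempts, listed)} and the fraction of sources that are listed."""
    hits = failed_sources(log_text)
    result = {ip: (n, lookup(dnsbl_name(ip, zone))) for ip, n in hits.items()}
    listed = sum(1 for _, is_listed in result.values() if is_listed)
    return result, (listed / len(result) if result else 0.0)
```

Pass a stub as `lookup` to run the correlation offline; the default performs a live DNS query for every distinct source address.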