| 1 |
> > Also take a note that there are no "known-compromised hosts" |
| 2 |
> |
| 3 |
> What about hosts listed in RBLs? |
| 4 |
> http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists. It |
| 5 |
> would be interesting to see if how much correlation there is |
| 6 |
> between ssh brute forcing bots and the contents of the various lists. |
| 7 |
|
| 8 |
Maybe http://wiki.duskglow.com/tiki-index.php?page=Packetbl "PacketBL is a program that uses DNS blocklists to determine whether to accept or reject packets" |
| 9 |
|
| 10 |
Used with dnsbl.ahbl.org "Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers" |
| 11 |
|
| 12 |
would be a good solution. |
Archives