On 12/04/2019 17:01, Mike Bird wrote:
> On Fri April 12 2019 08:41:10 Michael Howard via trinity-users wrote:
>> Of course it's possible to block millions, if you have their IPs. It
>> wouldn't be efficient but then 'millions' are not brute force attacking
>> my, or your, or deloptes system at any one time. If they were, it would
>> be pointless anyway. The point is, if you have a regularly updated list
>> of known spam IPs, which we do, and you use a decent firewall, which I
>> do, you can prevent a huge amount of brute force attacks by just
>> dropping the connection.
> I'm unclear what you're referring to as your "regularly updated list".
>
> Is this SYN rate limiting or fail2ban or a manually maintained list
> or something else?
>

I'm referring to 'block' lists, as provided by spamhaus.org and 
dshield.org for example, which are made available to everybody and can 
be downloaded as frequently as one likes/needs.

As an added barrier, I also have my own list of blocked IPs. These are 
IPs which are not on the above lists that repeatedly connect, trying 
different username/password combinations in succession. This list is not 
permanent because as you say, they could well be infected� slaves.

-- 
Mike Howard