On 12/04/2019 17:01, Mike Bird wrote: > On Fri April 12 2019 08:41:10 Michael Howard via trinity-users wrote: >> Of course it's possible to block millions, if you have their IPs. It >> wouldn't be efficient but then 'millions' are not brute force attacking >> my, or your, or deloptes system at any one time. If they were, it would >> be pointless anyway. The point is, if you have a regularly updated list >> of known spam IPs, which we do, and you use a decent firewall, which I >> do, you can prevent a huge amount of brute force attacks by just >> dropping the connection. > I'm unclear what you're referring to as your "regularly updated list". > > Is this SYN rate limiting or fail2ban or a manually maintained list > or something else? > I'm referring to 'block' lists, as provided by spamhaus.org and dshield.org for example, which are made available to everybody and can be downloaded as frequently as one likes/needs. As an added barrier, I also have my own list of blocked IPs. These are IPs which are not on the above lists that repeatedly connect, trying different username/password combinations in succession. This list is not permanent because as you say, they could well be infected� slaves. -- Mike Howard