On Fri April 12 2019 09:44:07 Michael Howard via trinity-users wrote:
> I'm referring to 'block' lists, as provided by spamhaus.org and
> dshield.org for example, which are made available to everybody and can
> be downloaded as frequently as one likes/needs.

Spammers have rather different characteristics than the attackers
attempting to hack systems and guess passwords.

> As an added barrier, I also have my own list of blocked IPs. These are
> IPs which are not on the above lists that repeatedly connect, trying
> different username/password combinations in succession. This list is not
> permanent because as you say, they could well be infected� slaves.

Infected PCs attempting to guess passwords and exploit bugs number
in the millions, with thousands of changes every day.

What is needed is defense in depth including staying up to date on
security patches, careful software configuration including firewalls,
various forms of packet rate limiting, encryption, fail2ban, reverse
DNS checks, SPF/DKIM, spam filters, and malware scanners.

--Mike