On Tue, 20 Sep 2016 15:24:52 +0000 Shawn Bakhtiar wrote: > > On Sep 20, 2016, at 8:13 AM, RW <rwmailli...@googlemail.com> wrote: > > > > On Tue, 20 Sep 2016 14:34:02 +0000 > > Shawn Bakhtiar wrote: > > > >> If you are strictly looking to block by IP addresses this is a far > >> better task left to the firewall, and configured by networks not > >> individual IP addresses. > > > > It shouldn't really be about blocking, it's about biasing the > > score. > > > > > > I humbly disagree.... > > I find it interesting that most ISP's will block incoming connections > like port 80 so home users can't run their own web servers, > effectively forcing them to use providers for services "in the name > of security" but when it comes to outgoing connection they take no > measures what so ever. > > Mind you, I'm not taking about blocking HTTP or DNS. I simply block > them on the SMTP gateway (kernel level firewall), this reduces > directed spearfishing by a lot when I catch it early enough. Of > course it usually means getting into the office at 5 AM and waddling > through the honeypot email address to see where the next attack is > coming from. :P
That's a different matter, the thread is about using geoip information.