>-----Original Message-----
>From: kclug-bounces(a)kclug.org [mailto:kclug-bounces@kclug.org]
>On Behalf Of Jack
>--- Frank Wiles wrote:
>> On Sun, 1 May 2005 20:27:02 -0700 (PDT)
>> Jack <quiet_celt(a)yahoo.com> wrote:
>> Just to add to what Dave said...
>>
>> I have a production server that is fairly low end
>> hardware that
>> currently has 2952 iptables rules that block
>> individual IPs, several
>> /24 networks, and a handful of /16s. There is no
>> noticeble impact
>> on the box.
>Wow! That's great news! Ok, so the plan looks rto be
>to add the ipaddresses to iptables and change the port
>for sshd. Other ports are being probed and attacked,
>but not as frequently and not nearly as aggressively.
>I'll modify my blacklist gathering script to
>automatically add the new addresses to iptables and
>send me an email listing the new addresses.
>
That would be a nice thing to post for the rest of us to look at. The
script that is. And I what do you guys recommend for a group of Ips for
default block, such as the Korean and Chinese blocks, or a site that
lists recommendations like this. Is mapsrbl still active and valid?