Spamhaus list implementation

Gents,

Could you please share your thoughts on such implementation:

http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/

Does it really make sense? What are the pros and cons?

Would appreciate your thoughts on this.

Thank you

Joshaven is TOP NOTCH.

I have met him personally, done dinner etc with his family.
He knows his stuff !!!

I would however suggest you use his script BUT pull the data into / from your own source.

WHY? Because if his server were ever to go offline - simply said - your solution would STOP working.

If you set up a location on your own servers, download the data there and then source it from there, you would simply need to change the following in his script:

/tool fetch url="http://joshaven.com/**********.rsc"

to

/tool fetch url="http://yourownserver.goeshere/*********.rsc"

I do much the same thing with the script I posted here:

http://forum.mikrotik.com/t/blacklist-filter-update-script/89817/1

I also posted what I consider to be my default filter rules. The lists that I generate are dynamic address-list entries, so that there are far fewer NAND/Flash writes.
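The two suggestions above (serve the .rsc from your own server, and use dynamic address-list entries) can be combined in a small generator run on that server. This is an added example, not part of any post here and not Joshaven's script; the list name, the timeout value and the sample lines are assumptions, and it uses `timeout=` as the way to make entries dynamic. Because an imported .rsc is executed as RouterOS commands, only strictly valid prefixes are written out.

```python
import ipaddress
import re

# Constructed sample in the Spamhaus DROP text layout ("CIDR ; SBL id").
# Prefixes are documentation ranges, not real list entries.
SAMPLE_DROP = """\
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.7/24 ; SBL000003
10.0.0.0/8" comment=x; /system identity set name=x ; SBL000004
not-a-prefix ; SBL000005
192.0.2.0/24 ; SBL000001
"""


def parse_drop(text):
    """Return sorted, de-duplicated IPv4 networks from DROP-style text."""
    nets = set()
    for raw in text.splitlines():
        field = raw.split(";", 1)[0].strip()  # drop the "; SBL..." part
        if not field:
            continue  # comment-only or blank line
        try:
            # strict=True rejects prefixes with host bits set and any line
            # carrying extra text, so nothing but a clean CIDR gets through.
            nets.add(ipaddress.IPv4Network(field, strict=True))
        except ValueError:
            continue
    return sorted(nets)


def to_rsc(nets, list_name="blacklist", timeout="1d"):
    """Render RouterOS commands for the validated networks."""
    for value in (list_name, timeout):
        if not re.fullmatch(r"[A-Za-z0-9_-]+", value):
            raise ValueError(f"unsafe value for .rsc output: {value!r}")
    # Clear the old list first so re-importing does not fail on duplicates.
    lines = [f"/ip firewall address-list remove [find list={list_name}]",
             "/ip firewall address-list"]
    # Entries added with timeout= are dynamic: not saved to the config.
    lines += [f"add list={list_name} address={n} timeout={timeout}" for n in nets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_rsc(parse_drop(SAMPLE_DROP)), end="")
```

Write the output to the path your router's `/tool fetch` points at; the timeout should be longer than the interval between imports.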

It does “make sense” (but community-driven alternatives like DSPAM http://dspam.nuclearelephant.com/ may be even better).
But presently, importing/using large blacklists in ROS causes config breakage and/or unpredictable router behavior. In 6.5-6.10 it worked ~fine, and earlier too.
In the past I used both the Peter Lowe ad blocking list http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
and one of the malwaredomains blacklists http://mirror1.malwaredomains.com/files/BOOT
and the Team Cymru-supplied full bogon list http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

You just blackhole them in “static” overrides in your DNS service's options/DB.
(fullbogons go into an “address list” and are then dropped/rejected in conntrack as well)
It comes in handy especially for hosts/endpoints connected to public networks (say, if someone is visiting web services and other public, populated parts of web space), since nearly 25-30% of offenses or intel-gathering attempts come from bogons, and a significant part of exploitation attempts come from “long lifetime” malware domains.