Community discussions

 
russkz
just joined
Topic Author
Posts: 8
Joined: Wed Jan 28, 2015 4:57 am

Spamhous list implementation

Mon Dec 21, 2015 5:23 am

Gents,

Could you please share your thoughts on such implementation:

"http://joshaven.com/resources/tricks/mi ... ress-list/"

Does it really make sence? What pros and cons?

Would appreciate your thoughs on this

Thank you
 
User avatar
ConnectivityEngineer
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Sat Dec 19, 2015 10:57 pm
Location: Ohio, USA
Contact:

Re: Spamhaus list implementation

Tue Dec 22, 2015 8:42 am

Joshaven is TOP NOTCH.

I have met him personally, done dinner etc with his family.
He knows his stuff !!!

I would however suggest you use his script BUT pull the data into / from your own source.

WHY? because if his server ever were to go offline - simply said - your solution would STOP working

If you setup a location on your own Servers and download the data and then source you would simply need to change the following in his script
/tool fetch url="http://joshaven.com/**********.rsc
to
/tool fetch url="http://yourownserver.goeshere/*********.rsc
Glenn Kelley | MCTNA, MTCWE, MTCTCE, RHCE, RHCSS
http://Connectivity.Engineer
USA Based 24x7x365 Mikrotik, Juniper, Ubiquiti TAC & WISP / ISP Blind Label Support Call Center
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Spamhous list implementation

Thu Dec 24, 2015 3:27 am

I do much the same thing with the script I posted here:

http://forum.mikrotik.com/viewtopic.php?f=9&t=98804

I also posted what I consider to be my default filter rules. The lists that I generate are dynamic address-list entries, so that their are much fewer NAND/Flash writes.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Spamhous list implementation

Thu Dec 24, 2015 4:37 am

its do "make sense"(but community-drive alternatives like DSPAM
http://dspam.nuclearelephant.com/) may be even Better.
but presently importing/using large blacklists into ROS cause config breaking and/or router unpredictable behavior. in 6.5-6.10 its was worked ~ fine and earlier.
in past - i was used to used both Peter Lowe ad blocking list http://pgl.yoyo.org/adservers/serverlis ... =plaintext
and one of malwaredomains black lists http://mirror1.malwaredomains.com/files/BOOT
and team cymru -supplied full bogon list http://www.team-cymru.org/Services/Bogo ... s-ipv4.txt

you just blackhole then in "static" overrides in you DNS services options/DB.
(fullbogons go into "adress list" and then dropped/rejected in conntrack aswell)
its come handy especially in public networks connected hosts/endpoints(say if someone, visiting web-services and other public, populated parts of web-space), since nearly 25-30% offenses or Intel-gathering attempts come from bogons and significant part of exploitation attempts. - from "long lifetime" malware domains.

Who is online

Users browsing this forum: MSN [Bot] and 112 guests