[Info-vax] Anti-virus ?

Johnny Billquist bqt at softjar.se
Tue Aug 15 16:47:13 EDT 2023


On 2023-08-15 05:04, Dave Froble wrote:
> On 8/14/2023 10:10 PM, bill wrote:
>> On 8/14/2023 7:04 PM, Johnny Billquist wrote:
>>>
>>> However, yes, there is a "defence" mechanism. If the system detects a lot of
>>> "bad" traffic from an address, it will eventually get blocked, and the block
>>> will only drop once there is no traffic from that address for a certain amount
>>> of time. And of course, if they start abusing again, they will get blocked again.
>>
>> Why would you ever unblock it?
>>
>> bill
>>
>>
> 
> One of the major problems, at least in my mind, of blocking is that 
> there may come a time when traffic from some source might be something 
> you actually want to receive.  Doubtful?  Likely.  But, never say never.

Unlikely, yes. But even unlikely, it does happen, I bet.

> I think Johnny's practice is great, block when necessary, but, leave 
> your options open.  Like he writes, when needed to block, it happens.
> 
> Almost thinking about asking for his design ...  maybe not, I've grown 
> lazy.

It probably wouldn't be easy to adopt to anywhere else. I have hooks all 
over both IP, UDP, ICMP, TCP and various daemons which all report 
potential abuse to my abuse tracker...

It helps when you write the whole network stack yourself... ;-)

But if you want to, I can certainly share a lot of details on how it works.

   Johnny
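
[Added example, not part of the original message and not Johnny's code: a minimal sketch of the block/unblock rule described in the thread, where protocol hooks report abuse, an address is blocked after enough reports, and the block drops only after that address has sent nothing at all for a quiet period. The class and method names, the threshold and the quiet period are all assumptions made for illustration.]

```python
from dataclasses import dataclass


@dataclass
class Entry:
    score: int = 0          # abuse reports counted since the last quiet period
    last_seen: float = 0.0  # time of the most recent traffic from this address
    blocked: bool = False


class AbuseTracker:
    """Hypothetical tracker: block on repeated abuse, unblock only on silence."""

    def __init__(self, threshold=5, quiet=3600.0):  # assumed values
        self.threshold = threshold
        self.quiet = quiet
        self.entries = {}

    def _touch(self, addr, now):
        e = self.entries.setdefault(addr, Entry(last_seen=now))
        # A full quiet period with no traffic clears both block and score.
        if now - e.last_seen >= self.quiet:
            e.score, e.blocked = 0, False
        # Any traffic, including dropped traffic, restarts the quiet timer,
        # so a sender that keeps hammering stays blocked.
        e.last_seen = now
        return e

    def packet(self, addr, now):
        """Call for every inbound packet; True means it may pass."""
        return not self._touch(addr, now).blocked

    def report(self, addr, now):
        """Call from a protocol or daemon hook when abuse is suspected."""
        e = self._touch(addr, now)
        e.score += 1
        if e.score >= self.threshold:
            e.blocked = True

    def expire(self, now):
        """Housekeeping: forget addresses that have been silent long enough."""
        for addr in [a for a, e in self.entries.items()
                     if now - e.last_seen >= self.quiet]:
            del self.entries[addr]


if __name__ == "__main__":
    t = AbuseTracker(threshold=3, quiet=60)
    src = "192.0.2.7"  # constructed sample address (documentation range)
    for when in (0, 1, 2):
        t.report(src, when)
    print(t.packet(src, 10), t.packet(src, 65), t.packet(src, 125))
```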



