View Single Post
  #4   (View Single Post)  
Old 18th January 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Thank you, e1-531g! I'd missed that article.

Bayesian filters apply to content-related abuse, such as spam traffic. But they don't apply to other types of abuse, such as SSH authentication attacks, or DDOS.

I noted that two of those polled by the author (Ullrich, Klein) recommend blocking /64s as the equivalent of blocking a single address. Though Johaness Ullrich admitted, "This may lead to some collateral damage but it is probably the only way to make blacklists effective."

I *am* using that server as an MTA, so it is already using both blocklists and Bayesian filtration.
Reply With Quote