<p>Don't see a big issue there. As long as you pick the number of transgressions relatively high and your expiry time reasonable. I've been thinking about this for a while, but don't do it because it would mess up the statistics I provide for management to "prove the need for funding".</p>
<p>I am doing this for ssh and pop3/imap, using SEC to auto-create iptables rules, to stop brute force attacks.</p>
<p> </p>
<p>On Tue, 27 Apr 2010 20:22:08 +0100, Jason Ede <J.Ede@birchenallhowden.co.uk> wrote:</p>
<blockquote style="padding-left: 5px; border-left: 2px solid #1010ff; margin-left: 5px; width: 100%;"><!-- html ignored --><!-- head ignored --><!-- meta ignored --><!-- meta ignored --><!-- < /* Font Definitions */ @font-face         {font-family:"Cambria Math";         panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face         {font-family:Calibri;         panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal         {margin:0cm;         margin-bottom:.0001pt;         font-size:11.0pt;         font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink         {mso-style-priority:99;         color:blue;         text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed         {mso-style-priority:99;         color:purple;         text-decoration:underline;} span.EmailStyle17         {mso-style-type:personal-compose;         font-family:"Calibri","sans-serif";         color:windowtext;} .MsoChpDefault         {mso-style-type:export-only;} @page Section1         {size:612.0pt 792.0pt;         margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.Section1         {page:Section1;} --> <!-- xml ignored --><!-- o ignored --><!-- endif ignored --><!-- xml ignored --><!-- o ignored --><!-- o ignored --><!-- endif ignored -->
<div class="Section1">
<p class="MsoNormal"><!-- o ignored --> </p>
<p class="MsoNormal">We’re debating blocking (using IPTables) IP’s that register more than a set number of rejections (554 from spamhaus and other blacklists or persistently try random address@domain). Before we actually implement this I’m wondering if there can be any problems with this method? It will only be used for IP’s that try to connect a significant number of times and we’ll have an expiry on each IP so the blocklist doesn’t keep growing indefinitely.<!-- o ignored --></p>
<p class="MsoNormal"><!-- o ignored --> </p>
<p class="MsoNormal">Jason<!-- o ignored --></p>
</div>
</blockquote>
<p> </p>