* * * * *
Spam from bogus IP space
Earlier today (okay, technically yesterday) I came across the concept of
bogons [1], or IP (Internet Protocol) addresses not officially allocated for
use. They even provide a current list of non-routed IP blocks [2]. Curious
about the effect of using said list to block potential spam, I set up a test,
consisting of 565,012 tuples (we've stepped up testing of the greylist daemon
[3] over the past week) previously processed (I'm keeping some extensive logs
here), added the 6,803 IP blocks not allocated, and let it rip.
An hour and a half later, I had my answer.
Of 565,012 tuples processed, only 6,117 came from non-allocated IP space.
It's a little over 1%.
I don't think it's worth adding the non-allocated IP space to the greylist
daemon. Not that it makes the daemon run slower, it's just that an IP list of
that size takes up quite a bit of memory due to the trie structure [4] used
to store the table, and for such a small gain, I don't feel it's really worth
it.
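
As an added illustration (not the greylist daemon's code, and not from the
author): a binary trie of CIDR blocks, with the lookup and the node count that
the memory-versus-gain trade-off above turns on. The blocks and tuples are
constructed samples, and the (IP, sender, recipient) tuple shape is an
assumption.

```python
import ipaddress

class CidrTrie:
    """Binary trie over IPv4 prefixes: one node per prefix bit."""

    def __init__(self):
        self.root = [None, None, False]   # [zero-child, one-child, terminal]
        self.nodes = 1                    # rough proxy for memory use

    def add(self, cidr):
        net = ipaddress.ip_network(cidr, strict=True)
        bits = int(net.network_address)
        node = self.root
        for i in range(net.prefixlen):
            b = (bits >> (31 - i)) & 1
            if node[b] is None:
                node[b] = [None, None, False]
                self.nodes += 1
            node = node[b]
        node[2] = True                    # a listed block ends here

    def contains(self, ip):
        bits = int(ipaddress.IPv4Address(ip))
        node = self.root
        for i in range(32):
            if node[2]:                   # a covering block was found
                return True
            node = node[(bits >> (31 - i)) & 1]
            if node is None:
                return False
        return node[2]                    # exact /32 match

def build(blocks):
    trie = CidrTrie()
    for block in blocks:
        trie.add(block)
    return trie

def bogon_hits(trie, tuples):
    """Count tuples whose source IP falls inside any listed block."""
    return sum(1 for ip, _sender, _rcpt in tuples if trie.contains(ip))

# Constructed sample data (not taken from the bogon list or the logs).
BLOCKS = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4"]
TUPLES = [("192.0.2.15", "a@example.net", "x@example.org"),
          ("8.8.8.8", "b@example.net", "x@example.org"),
          ("203.0.113.200", "c@example.net", "y@example.org"),
          ("198.51.101.1", "d@example.net", "y@example.org"),
          ("250.1.2.3", "e@example.net", "z@example.org"),
          ("10.0.0.1", "f@example.net", "z@example.org")]
```

Lookup cost is bounded by 32 steps however many blocks are loaded; what grows
with the list is the node count.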
[1] http://www.completewhois.com/bogons/
[2] http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
[3] gopher://gopher.conman.org/0Phlog:2007/08/16.1
[4] http://en.wikipedia.org/wiki/Trie