abuse@ and postmaster@ in the modern world?

David Cantrell david at cantrell.org.uk
Fri Nov 17 20:31:21 GMT 2006


On Fri, Nov 17, 2006 at 03:28:58PM +0000, Peter Hickman wrote:
> David Cantrell wrote:
> >On Fri, Nov 17, 2006 at 11:34:35AM +0000, Dave Hodgkinson wrote:
> >>You've blacklisted Korea then?
> >Yes, and China, and a shitload of other stuff too.
> Not quite OT but how many IP addresses are people firewalling on their 
> home machines? I've just stepped over the 11k mark and am starting to 
> wonder if my firewall will start to have problems with this ever 
> increasing list. Am I normal or just paranoid?

If you blacklist 11,000 individual addresses, the machine will have to
search through the whole list for matches - on average for a hit it'll
have to do 5,500 comparisons, for a miss it'll do 11,000.  So don't list
addresses, list networks.  eg, one of the entries in my list is
59.192.0.0/10, which covers several million addresses.

That's a Chinese netblock, FWIW.

Of course, 11,000 ints in a list is a piddling little list and searching
it will take exactly no time at all.  Even so, listing netblocks instead
of individual addresses lets you pre-emptively list the bad places and,
being a shorter list, it'll be easier to keep up-to-date.

-- 
David Cantrell | http://www.cantrell.org.uk/david

  Irregular English:
    you have anecdotes; they have data; I have proof
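
An added example, not part of the original post: a Python sketch of the point above, collapsing individually listed addresses into netblocks and counting comparisons for a plain in-order scan. The sample addresses are constructed from documentation ranges, and the helper names are hypothetical.

```python
import ipaddress

def collapse(addresses):
    """Merge individually listed addresses into the fewest CIDR blocks covering exactly them."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(a) for a in addresses))

def linear_match(ip, entries):
    """Scan entries in order, like a plain rule list; return (blocked, comparisons made)."""
    ip = ipaddress.ip_address(ip)
    for count, net in enumerate(entries, start=1):
        if ip in net:
            return True, count
    return False, len(entries)

def average_hit_cost(entries):
    """Mean comparisons for a hit when every entry is equally likely to be the match."""
    return (len(entries) + 1) / 2

def block_size(cidr):
    """Number of addresses covered by one netblock entry."""
    return ipaddress.ip_network(cidr).num_addresses

# Constructed sample: 384 hosts listed one by one (documentation ranges, not real offenders).
INDIVIDUAL = [f"198.51.100.{i}" for i in range(256)] + [f"203.0.113.{i}" for i in range(128)]
INDIVIDUAL_NETS = [ipaddress.ip_network(a) for a in INDIVIDUAL]  # 384 /32 entries
COLLAPSED = collapse(INDIVIDUAL)                                 # same coverage, as netblocks

if __name__ == "__main__":
    print("entries before/after:", len(INDIVIDUAL_NETS), len(COLLAPSED))
    print("collapsed list:", [str(n) for n in COLLAPSED])
    for probe in ("203.0.113.5", "192.0.2.1"):  # one listed host, one unlisted host
        print(probe, "individual:", linear_match(probe, INDIVIDUAL_NETS),
              "collapsed:", linear_match(probe, COLLAPSED))
    print("average hit cost, individual list:", average_hit_cost(INDIVIDUAL_NETS))
    print("addresses covered by 59.192.0.0/10:", block_size("59.192.0.0/10"))
```

Collapsing only merges addresses that are already listed, so the result blocks exactly the same hosts; listing a wider netblock pre-emptively, as the post suggests, is a separate policy decision.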

