Defense in Depth: IP and Netblock Blocking
A single solution will never catch all spyware and malware. A layered, defense-in-depth approach is needed. This includes antivirus/antispyware protection, proxy servers, domain blocking via blackhole DNS, and blocking by IP addresses and netblocks.
Blocking by IP address or netblock is a complement to any domain- or URL-based blocklist*. Here is the story of one ISP who blocked known RBN netblocks.
Here are a few IP lists to consider:
- Dshield.org recommended block list (http://feeds.dshield.org/block.txt)
- EmergingThreats rules (many contain IP addresses): (http://www.emergingthreats.net/rules/)
- EmergingThreats RBN (http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork)
- Spamhaus Drop List (http://www.spamhaus.org/drop/drop.lasso)
- The Harimau Watchlist (down? http://watchlist.security.org.my/watchlist)
- MaliciousNetworks.org IP Blocklist (http://maliciousnetworks.org/fire-blocklist.txt)
If you know of any other high-quality lists, please contact us and we’ll summarize.
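As an added illustration (not code from the original post), the Python below loads a feed in the tab-separated layout of DShield's block.txt, collapses overlapping netblocks, and carves allowlisted networks out of the result so a legitimate site caught by a broad entry is not dropped along with it. The sample feed lines and the allowlist entry are constructed, and the column layout is assumed from the DShield format.

```python
import ipaddress

# Constructed sample in the tab-separated layout of DShield's block.txt
# (start, end, prefix length, then informational columns); '#' lines are
# comments. The addresses are documentation ranges, not real listings.
SAMPLE_DSHIELD = """\
# start\tend\tnetmask\tattacks\tname\tcountry\temail
203.0.113.0\t203.0.113.255\t24\t120\tEXAMPLE-NET\tXX\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t85\tEXAMPLE-NET2\tXX\tabuse@example.org
not a valid line
"""

def parse_dshield(text):
    """Yield one network per data line; comments and malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        try:
            yield ipaddress.ip_network(f"{parts[0]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # tolerate a bad feed line rather than fail the whole load

def build_blocklist(networks, allowlist=()):
    """Collapse overlapping blocks, then carve out allowlisted networks so a
    legitimate site caught by a broad entry is not dropped along with it."""
    allow = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    result = []
    for net in ipaddress.collapse_addresses(networks):
        pieces = [net]
        for a in allow:
            kept = []
            for p in pieces:
                if p.subnet_of(a):          # wholly allowlisted: drop it
                    continue
                if a.subnet_of(p):          # allowlisted hole inside: split
                    kept.extend(p.address_exclude(a))
                else:
                    kept.append(p)          # disjoint: keep unchanged
            pieces = kept
        result.extend(pieces)
    return sorted(result)

def is_blocked(ip, blocklist):
    """True when the address falls inside any remaining blocked network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)
```

Re-run the load on every feed update; the allowlist is the place to record false positives you find rather than hand-editing the downloaded list.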
* Yes, we understand that some valid sites may be blocked. Any blocklist needs to be frequently updated to reduce the blocking of legitimate sites.
