RE: Network Monitoring System - Recommendations?

We actually use it now and it's fine for what it does – however, I don’t think it provides a real integrated solution.

-Charlie

MIDAS looks interesting... a little confusing at first to set up but not too bad once you figure out what the various MIDASa/b/c/etc things do (Still working on that part... :wink: )

http://midas-nms.sourceforge.net/

Hi all

Sth I want to clarify:

1/
240.0.0.0/5 - Class E Reserved
248.0.0.0/5 - Unallocated
Sometimes I got that it should be /4 or /5?
240.0.0.0/4 - Class E Reserved
248.0.0.0/4 - Unallocated

2/ Can I block it in the firewall for
"255.255.255.255/32 - Broadcast"?

deny ip from any to 255.255.255.255/32
deny ip from 255.255.255.255/32 to any

3/ I got the following. Is it normal?
Why is there a connection to the broadcast address?

tcp 0 1 202.64.230.8:33397 192.168.255.255:25 SYN_SENT

Deny TCP 202.64.230.8:33021 10.254.254.254:25

Deny TCP 202.64.230.8:57798 172.21.143.58:25

Thank you so much

> Hi all
>
> Sth I want to clarify:
>
> 1/
> 240.0.0.0/5 - Class E Reserved
> 248.0.0.0/5 - Unallocated
> Sometimes I got that it should be /4 or /5?
> 240.0.0.0/4 - Class E Reserved
> 248.0.0.0/4 - Unallocated

Look at the official list(tm):
http://www.iana.org/assignments/ipv4-address-space

> 2/ Can I block it in the firewall for
> "255.255.255.255/32 - Broadcast"?
>
> deny ip from any to 255.255.255.255/32
> deny ip from 255.255.255.255/32 to any

You can block anything you like

> 3/ I got the following. Is it normal?
> Why is there a connection to the broadcast address?
>
> tcp 0 1 202.64.230.8:33397 192.168.255.255:25 SYN_SENT

255.255 or anything ending in 255 doesn't need to be a broadcast
interface. Welcome to the wonderful world of CIDR :slight_smile:

I guess you might want to take a look at:

Greets,
Jeroen
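An added example, not part of the original thread: Python's standard `ipaddress` module applied to the three questions above (the /4 versus /5 split, whether an address ending in .255 is a broadcast address, and what the logged port-25 destinations have in common). The function names and the 10.0.0.255 sample address are constructed for illustration; the other addresses come from the messages above.

```python
import ipaddress

# The reserved top of the IPv4 space, as one /4.
CLASS_E = ipaddress.ip_network("240.0.0.0/4")

# RFC 1918 private ranges: not routable on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Destinations taken from the netstat/firewall lines in the thread.
DESTS = ["192.168.255.255", "10.254.254.254", "172.21.143.58"]


def halves(net):
    """Split a network into its two halves (prefix one bit longer)."""
    return [str(n) for n in net.subnets(prefixlen_diff=1)]


def is_valid_network(cidr):
    """True if the address has no host bits set for its prefix length."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def is_broadcast_of(addr, cidr):
    """True if addr is the directed-broadcast address of that subnet."""
    return ipaddress.ip_address(addr) == ipaddress.ip_network(cidr).broadcast_address


def rfc1918_block(addr):
    """Return the RFC 1918 range containing addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in RFC1918 if ip in n), None)


if __name__ == "__main__":
    print("240.0.0.0/4 =", " + ".join(halves(CLASS_E)))
    print("248.0.0.0/4 valid?", is_valid_network("248.0.0.0/4"))
    # 10.0.0.255 is a constructed sample: same address, two subnet sizes.
    for cidr in ("10.0.0.0/24", "10.0.0.0/23"):
        print("10.0.0.255 broadcast of", cidr, "?", is_broadcast_of("10.0.0.255", cidr))
    for d in DESTS:
        print(d, "->", rfc1918_block(d))
```

All three logged destinations fall inside RFC 1918 space, so an egress rule that drops private destination ranges covers them whether or not a given address happens to be some subnet's broadcast.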

[snip]

> 3/ I got the following. Is it normal?
> Why is there a connection to the broadcast address?
>
> tcp 0 1 202.64.230.8:33397
> 192.168.255.255:25 SYN_SENT

> 255.255 or anything ending in 255 doesn't need to be a broadcast
> interface. Welcome to the wonderful world of CIDR :slight_smile:

This is probably a bounce headed toward deliberately broken MXes - anyone
else seeing a lot of this lately? (tons of domains with conspicuously
common nameservers, serving up unreachable A/MX and hosing queues)

J.

Better block the internet in that case :wink:
I heard of BGP feeds that provide 'questionable prefixes' so that one
can nicely nullroute those using that system.

I still am of the opinion that only accepting verifiable PGP signed mail
could slow spammers down a bit, then at least the spambot took the time
of generating, distributing and letting people trust the spambot's key.
Maybe throw in some trust metric à la advogato!? Then again, the spambots
will simply find the preconfigured key from an infected user and start
using that, save passwords ole, at least one then knows the source it is
coming from is really also able to sign it that way, thus most likely is
the problem person, unless the virus of course redistributes the pgp
keys using some nice p2p algo to other worms. (ohoh :slight_smile:) This would at
least take away most of the viruses sending random sources. But getting
everybody to do PGP-signed mail is asking the same thing as asking
people to turn off sending html emails. A somewhat similar scheme does
work for RIPE-db updates, but the people submitting there have probably
some clue on how to configure their boxes and unfortunately we are of
course talking about $lusers. Spam already lost it from viruses and the
spam coming forth from misconfigured antivirus tools sending 'hi you
send a virus' alike messages. Above setup should be able to work for
closed communities like mailinglists where only a few number of people
post, if you want to post, sign your message, mailinglist software could
then verify the key and only pass it on if the member is subscribed and
the signature is valid. A virus picking random addresses and sending to
existing messages in the mailbox, thus having 'valid' source/dest
combinations doesn't make much of a chance then unless it figures out the
pgp key and the password. Then again I just might be a ...
http://www.rhyolite.com/anti-spam/you-might-be.html :wink:

BTW1: that because you quote above my complete message, my message
becomes part of your signature and my mailer nicely ignores it :wink:
BTW2: Ooops... discussing spammy related things on NANOG....

Greets,
Jeroen