"Our list is bigger than your list". "Can we see it?". "No"
Extraordinary claims require extraordinary evidence
Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft. The Massachusetts company, which boasts it's scored four out of five "top companies in the world" as clients, says correlating IP addresses to malware references yields between a thousand and …
Are the IPs dynamic?
Zombies on changing addresses may not be on any list until they activate that day.
I have one domain that mainly gets spam; 99% of the junk gets trapped by fail2ban, so the list is (currently) quite effective for that botnet.
Changed the handshake time too (block those who send before); a fair amount of zombie spam doesn't even get to try.
Zombies on changing addresses may not be on any list until they activate that day.
Exactly. Anybody who's been watching connection attempts from the open net will have seen the ever-changing IPs from attackers who obviously have huge IP blocks available. I'm pretty sure that RecordedFuture knows that and is just saying stuff to get more attention - and perhaps impress some of their corporate clients who've never looked at server logs in their life.