rDNS Column in Current IDS Blocks
Idea shared by Scarab - 12/29/2015 at 1:34 PM
I've long thought that the one thing the Current IDS Blocks has been sorely needing is a rDNS column!
The reason being is that it is common (especially on Incoming Gateways) for legitimate sources to get frequently blocked for Harvesting or DDoS (such as Constant Contact, Google, AOL, Microsoft, Yahoo!, Craigslist, etc), and it is difficult to verify at a glance which IPs should be deleted without manually doing a rDNS lookup for each and every IP Address in the list to find out who they belong to (whereas a rDNS of oms-a012e.mx.aol.com, ccm233.constantcontact.com, mxo5f.craigslist.org, ch1gmehub08.msn.com are all a lot easier to distinguish at a glance). With a Current IDS Blocks > 500 entries it becomes impossible to manage without a rDNS column.
Granted, I imagine that such could potentially be CPU & Memory intensive so it's probably something that would have to be an option that can be enabled/disabled.

Reply to Thread