nanog mailing list archives
Re: RBLs in use
From: "Chris Lewis" <clewis () nortelnetworks com>
Date: Thu, 20 Nov 2003 12:06:35 -0500
Suresh Ramasubramanian wrote:
You need a fairly wide coverage of BLs.
# Open proxies - http://opm.blitzed.org and http://proxies.blackholes.easynet.nl
I would add the SORBS http and SORBS socks lists to this.
# Open relays - http://www.ordb.org
I'd add VISI to that too.
# Dialup and DSL/cable dynamic IPs - http://dynablock.easynet.nl # Current spam sources - http://cbl.abuseat.org [strongly recommended]
CBL tends to list only open proxies and spam trojans, but there's a few "classic viri emitters" (ie: Yaha) and a _very_ small number of "grossly misconfigured mail servers" in it too. All of which you want to know about anyway.
What you can do is do zone downloads of the open relay/proxy/CBL lists above and correlate them to your own netblocks. _Very_ helpful in finding compromised systems.
With dynablock, you may want to audit it for accuracy against your IP allocations. They're responsive to update requests.
SBL/SPEWS identifies your spammers. But as Suresh says, be careful to interpret the SPEWS listings correctly, so you nail the spammer, not the collateral damage.
There are a lot more DNSBLs, but the above ones are the most respected, important and useful for your purposes. XBL & Spambag, for example, are too rabid to worry about. Anybody who uses them gets what they deserve.
Current thread:
- RBLs in use Paul S. Brown (Nov 20)
- Re: RBLs in use todd glassey (Nov 20)
- Re: RBLs in use Paul S. Brown (Nov 20)
- Re: RBLs in use Suresh Ramasubramanian (Nov 20)
- Re: RBLs in use Chris Lewis (Nov 20)
- Re: RBLs in use Paul Vixie (Nov 20)
- Re: RBLs in use Paul S. Brown (Nov 20)
- Re: RBLs in use Kai Schlichting (Nov 20)
- Re: RBLs in use todd glassey (Nov 20)
- Re: RBLs in use David A. Ulevitch (Nov 20)
- <Possible follow-ups>
- Re: RBLs in use Suresh Ramasubramanian (Nov 20)
- Re: RBLs in use Tom (UnitedLayer) (Nov 20)
- Re: RBLs in use Matthew Sullivan (Nov 20)
- Re: RBLs in use Matthew Sullivan (Nov 20)
- Re: RBLs in use Michael Moscovitch (Nov 20)