Re: [SAtalk] RD - Here is a rule to check for Verisign redirect domain

Chris Trudeau Wed, 17 Sep 2003 08:06:43 -0700

While you are correct...in that I looked up the wrong address (silly me)...


Not sure how this rule (from original message)

> > > > header  __DNS_SITEFINDER eval:check_rbl_from_host('sitefinder', '.')
> > > > tflags  __DNS_SITEFINDER net
> > > > header  SITEFINDER_IP  eval:check_rbl_sub('sitefinder',
'64.94.110.11')
> > > > describe SITEFINDER_IP  From: resolves to a verisign hijacked
domain.
> > > > score  SITEFINDER_IP  1.5

Would    "easily keep up with any ip changes that might happen"

??What am I missing??

CT





----- Original Message ----- 
From: "Jon Gabrielson (by way of Jon Gabrielson
<[EMAIL PROTECTED]>)" <[EMAIL PROTECTED]>
To: "Chris Trudeau" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, September 17, 2003 10:27 AM
Subject: Re: [SAtalk] RD - Here is a rule to check for Verisign redirect
domain


> The correct way to do this is not "nslookup sitefinder.verisign.com",
> but rather "nslookup www.safsdafdsfadsfsdafadsfdsaf.com" or some
> other garbage address.
> If you program spamassassin to do this, you can easily keep up
> with any ip changes that might happen.
>
>
> Jon.
>
> On Wednesday 17 September 2003 08:59 am, Chris Trudeau wrote:
> > this IS good, but now go and update the address:
> > > sitefinder.verisign.com
> >
> > Server:         127.0.0.1
> > Address:        127.0.0.1#53
> >
> > Non-authoritative answer:
> > Name:   sitefinder.verisign.com
> > Address: 12.158.80.10
> >
> >
> > CT
> >
> >
> > ----- Original Message -----
> > From: "Daniel Quinlan" <[EMAIL PROTECTED]>
> > To: "Fred" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 17, 2003 2:22 AM
> > Subject: Re: [SAtalk] RD - Here is a rule to check for Verisign redirect
> > domain
> >
> > > "Fred" <[EMAIL PROTECTED]> writes:
> > > > Here's a quick rule I just made in response to Verisign's actions.
> > > >
> > > >
> > > > header  __DNS_SITEFINDER eval:check_rbl_from_host('sitefinder', '.')
> > > > tflags  __DNS_SITEFINDER net
> > > > header  SITEFINDER_IP  eval:check_rbl_sub('sitefinder',
'64.94.110.11')
> > > > describe SITEFINDER_IP  From: resolves to a verisign hijacked
domain.
> > > > score  SITEFINDER_IP  1.5
> > >
> > > Ah, abuse of the DNS code, I like it!
> > >
> > > Daniel
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by:ThinkGeek
> > > Welcome to geek heaven.
> > > http://thinkgeek.com/sf
> > > _______________________________________________
> > > Spamassassin-talk mailing list
> > > [EMAIL PROTECTED]
> > > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Spamassassin-talk mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] RD - Here is a rule to check for Verisign redirect domain

Reply via email to