On Fri, 10 Jul 2009, Yet Another Ninja wrote:

On 7/10/2009 6:30 PM, rich...@buzzhost.co.uk wrote:
 On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
>  On Fri, 10 Jul 2009, Terry Carmen wrote:
> > > All the supplied domain names have a DNS server in China. It might be worth it to create a rule based on the link's DNS server's location (Geo IP Lookup).
>
> *that* might actually be a good test, and one that is safer than resolving the offending hostname itself. You're not likely to get poisoned by a TLD server...

 Which is what the Barracuda Real Time Intent engine does...... Looks up
 the IP for the AUTH NS, then checks that IP against B/L.

and what's different to the default URIBL_SBL concept ?

From the Spamhaus website:

"Over 60% of spam contains URLs of spammer web sites whose webserver IPs are listed on the Spamhaus SBL."

We're talking about the IP address of the URI domain's DNS server(s), not the IP address of the URI webserver itself.

Checking the URI domain's DNS server(s) for geography (probably a pretty weak test, lots of legitimate sites would have DNS servers in China) or an explicit IP DNSBL (DNS servers that provide data for a lot of hostile/spammy domains might be fairly strong).

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Win95: Where do you want to go today?
  Vista: Where will Microsoft allow you to go today?
-----------------------------------------------------------------------
 10 days until the 40th anniversary of Apollo 11 landing on the Moon
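
The check discussed in this thread, as an added example that is not part of the original messages or of any product named in them: extract URI domains from a message body, look up only their nameservers and the nameservers' addresses, and test those addresses against an IP DNSBL. All function names, the `dnsbl.example` zone and the lookup tables are hypothetical, constructed so the code runs offline; a real filter would issue live NS/A queries and use the Public Suffix List.

```python
import re
from ipaddress import IPv4Address

URI_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed sample data standing in for live DNS answers (documentation ranges).
NS_RECORDS = {"pills.example": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
              "news.example": ["ns.hosting.example"]}
A_RECORDS = {"ns1.bulkdns.example": ["192.0.2.53"],
             "ns2.bulkdns.example": ["198.51.100.53"],
             "ns.hosting.example": ["203.0.113.10"]}
# Constructed DNSBL zone contents: query names that would return a listing.
LISTED = {"53.2.0.192.dnsbl.example"}

def registered_domain(host):
    """Naive last-two-labels cut; real code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the zone, the usual DNSBL query form."""
    return ".".join(reversed(str(IPv4Address(ip)).split("."))) + "." + zone

def ns_dnsbl_hits(body, zone="dnsbl.example", ns=NS_RECORDS, a=A_RECORDS,
                  listed=LISTED):
    """Return {domain: [(nameserver, ip), ...]} for URI domains with listed NS IPs.

    Only NS and nameserver-A lookups are made; the URI hostname itself
    is never resolved.
    """
    hits = {}
    for domain in sorted({registered_domain(h) for h in URI_HOST.findall(body)}):
        for server in ns.get(domain, []):
            for ip in a.get(server, []):
                if dnsbl_qname(ip, zone) in listed:
                    hits.setdefault(domain, []).append((server, ip))
    return hits

# Constructed message body with one URI whose nameserver is listed and one clean URI.
SAMPLE_BODY = "Buy now http://www.pills.example/x and read http://news.example/today"

if __name__ == "__main__":
    print(ns_dnsbl_hits(SAMPLE_BODY))
```
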
