On 6/29/2016 11:50 AM, Shivram Krishnan wrote:
Hello Antony,
We will be getting headers from our University. The only reason why we
want other list is that we are tailoring Blacklists for specific
networks, to see how these blacklists perform. The idea being , your
network may not be seeing the same attack vectors as what the USC
network sees.
Also getting the IP's in anonymized last octet would also help , as we
are creating Blacklists in terms of Prefixes.
You should look at what masscheck does. Instead of uploading messages to
get tested, masscheckers run the rules against their corpus locally and
upload the match set.
Provide a mechanism for people to generate their own results, which they
can upload with absolutely no identifying information.
