(gaak .. make that 759 queries, 709 NXDOMAIN, and 48 that appear somehow .. the rest of what's below is correct).

~Mike.

Michael Holstein wrote:
SORBS marks TOR servers as zombie spammers I believe.

Um, in the interest of settling this argument :

grep router cached-routers |grep -v signature |awk -F " " '{split($3,o,"."); print "host "o[4]"."o[3]"."o[2]"."o[1]".dnsbl.sorbs.net"}' |sh

(most return NXDOMAIN, meaning not listed by SORBS). The ones that do, return the database in which they're listed as the last octet.

             http.dnsbl.sorbs.net    127.0.0.2
            socks.dnsbl.sorbs.net    127.0.0.3
             misc.dnsbl.sorbs.net    127.0.0.4
             smtp.dnsbl.sorbs.net    127.0.0.5
         new.spam.dnsbl.sorbs.net    127.0.0.6
      recent.spam.dnsbl.sorbs.net    127.0.0.6
         old.spam.dnsbl.sorbs.net    127.0.0.6
             spam.dnsbl.sorbs.net    127.0.0.6
      escalations.dnsbl.sorbs.net    127.0.0.6
              web.dnsbl.sorbs.net    127.0.0.7
            block.dnsbl.sorbs.net    127.0.0.8
           zombie.dnsbl.sorbs.net    127.0.0.9
              dul.dnsbl.sorbs.net    127.0.0.10
          badconf.rhsbl.sorbs.net    127.0.0.11
           nomail.rhsbl.sorbs.net    127.0.0.12

Of the 887 IPs I have in my cached-routers file, 709 return NXDOMAIN. The others :

0    http.dnsbl.sorbs.net
0    socks.dnsbl.sorbs.net
0    misc.dnsbl.sorbs.net
0    smtp.dnsbl.sorbs.net
2    *.spam.dnsbl.sorbs.net
0    web.dnsbl.sorbs.net
0    block.dnsbl.sorbs.net
0    zombie.dnsbl.sorbs.net
46    dul.dnsbl.sorbs.net
0    badconf.rhsbl.sorbs.net
0    nomail.rhsbl.sorbs.net

So, according to SORBS, they're blacklisted because they're in dynamic IP ranges.

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University
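
The check described in the message above, as an added example that is not part of the original thread: it builds the reversed-octet query name DNSBL zones expect, validates each address instead of piping file contents to sh, and decodes answers with the return-code table quoted above. The function names are hypothetical, and `host` is assumed to be installed.

```shell
# Added example; function names are hypothetical, not from the thread.

# First A record for a name, empty on NXDOMAIN. Assumes `host` is installed.
resolve() {
    host -t A "$1" 2>/dev/null | awk '/has address/ {print $NF; exit}'
}

# 192.0.2.10 -> 10.2.0.192.dnsbl.sorbs.net; status 1 for anything that is
# not a dotted-quad IPv4 address, so file contents never reach a shell.
dnsbl_name() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        print $4 "." $3 "." $2 "." $1 ".dnsbl.sorbs.net"; ok = 1
    } END { exit !ok }'
}

# Map a SORBS answer to its list, per the return-code table on this page.
sorbs_list() {
    case "$1" in
        127.0.0.2) echo http ;;     127.0.0.3) echo socks ;;
        127.0.0.4) echo misc ;;     127.0.0.5) echo smtp ;;
        127.0.0.6) echo spam ;;     127.0.0.7) echo web ;;
        127.0.0.8) echo block ;;    127.0.0.9) echo zombie ;;
        127.0.0.10) echo dul ;;     127.0.0.11) echo badconf ;;
        127.0.0.12) echo nomail ;;  *) echo unknown ;;
    esac
}

# Read a cached-routers file on stdin and print "count list" per result.
# Only "router" descriptor lines are used; field 3 is the relay address.
tally() {
    awk '$1 == "router" {print $3}' | sort -u | while read -r ip; do
        name=$(dnsbl_name "$ip") || continue      # skip malformed addresses
        answer=$(resolve "$name" </dev/null)
        if [ -z "$answer" ]; then echo NXDOMAIN; else sorbs_list "$answer"; fi
    done | sort | uniq -c | awk '{print $1, $2}'
}

# After sourcing these functions: tally < cached-routers
```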
