Heya List

I currently run a VPS which hosts both my mailserver and my tor relay / exit.

Recently I sent an email from this mailserver and had it bounce back. It seems 
the receiving mailserver subscribes to the spambot list CBL 
(http://cbl.abuseat.org) and denied it because my IP address was on that list. 
It's on that list since at some point a botnet talking through tor to its C&C 
server used my exit node to do so - The C&C server has since been replaced with 
a sinkhole. That was logged, my server was deemed infected and bam, I'm 
blacklisted.

The site that did the blacklisting kindly has a good description of what 
happened (including the sinkhole IP address) and allowed an automatic 
delisting. I'm able to update my exit policy so it doesn't happen again, 
however I'd like a somewhat more proactive approach. 

So my question is - Does anyone know of a publicly available list of sinkholes 
created for botnets? If such a list exists I can dynamically update either my 
exit policy or firewall appropriately. Has anyone implemented such a system 
already?

(obviously this only works for sinkholed botnets - but if anyone knows how to 
stop all botnets I'm all ears....)

Cheers

Ramo
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
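
One way to turn a sinkhole feed into exit policy lines, as the message above asks about; this is an added example, not part of the original post. The feed format (one address or CIDR per line), the sample addresses (constructed, from documentation ranges) and the `MIN_PREFIX` guard are assumptions.

```python
import ipaddress

# Constructed sample feed: one address or CIDR per line, '#' starts a comment.
SAMPLE_FEED = """\
# constructed sinkhole feed (documentation address ranges only)
192.0.2.10
192.0.2.10        # duplicate entry
198.51.100.0/28
198.51.100.4      # already covered by the /28 above
2001:db8::53
not-an-ip
0.0.0.0/0         # a feed error like this would close the exit entirely
"""

# Assumption: refuse any entry broader than this, so a bad or tampered
# feed cannot block large parts of the address space.
MIN_PREFIX = {4: 16, 6: 32}


def parse_feed(text):
    """Return (networks, rejected_entries) from a one-entry-per-line feed."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)      # not an address or CIDR
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(entry)      # too broad to trust from a feed
            continue
        nets.append(net)
    return nets, rejected


def exit_policy_lines(nets):
    """Collapse duplicates and overlaps, then emit torrc ExitPolicy lines."""
    lines = []
    for version, keyword in ((4, "reject"), (6, "reject6")):
        same = [n for n in nets if n.version == version]
        for net in ipaddress.collapse_addresses(same):
            addr = str(net.network_address)
            if version == 6:
                addr = f"[{addr}]"      # torrc wants IPv6 in brackets
            lines.append(f"ExitPolicy {keyword} {addr}/{net.prefixlen}:*")
    return lines
```

Tor evaluates exit policy rules in order and the first match wins, so the generated lines have to appear before any `accept` rules in the torrc.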
