Bret Miller wrote:
> I keep saying that I have false positives with botnet, but haven't
> substantiated that to date. So, today I'm spending a little time making
> exceptions since I would like this to work. Here are today's:
[snip]
> meridiencancun.com.mx, sent from IP , resolves to
> customer-148-233-9-212.uninet-ide.com.mx #more stupidity

Here's a good example of why Botnet's default score is too high: those guys at meridiencancun have a so-called "Enterprise account" with their ISP; what they get is a fixed IP and no control over reverse DNS, and that's why the reverse returns what the ISP configured.

Best practices and other fiction don't apply to the real world in cases like this.

Yes, it can be called stupidity, but in this case it is the ISP, and the legitimate business can't do much about it; very few ISPs in the .mx zone allow you any control over reverse DNS, perhaps none in the region that hotel operates in.
[snip]
--
René Berber