John Hardin wrote:
On Tue, 16 Sep 2008, Marc Perkel wrote:
Looking from opinions from people running rbl blacklists.
I have a list that contains a lot of name based information. I'm
about to add a lot more information to the list and what will happen
is that when you look up a name you might get several results. For
example, a hostname might be blacklisted, be in a URIBL list, be in a
day old bread list, and a NOT QUIT list. So it might return 4 results
like 127.0.0.2, 127.0.0.6, 127.0.0.7, 127.0.0.8.
Is this what would be considered "best practice". My thinking is that
having one list that returns everything is very efficient.
Isn't general practice to bitmap the last octet if you're going to
convey multiple pieces of information?
If you have a situation where there might be more than one "answer" for
a given query, and you are content with having a maximum of 7 possible
answers, then... again, if both of these these things are true... then
the best system by far is the following:
.2 = situation #1
.4 = situation #2
.8 = situation #3
.16 = situation #4
.32 = situation #5
.64 = situation #6
.128 = situation #7
As multiple situations occur, add together the octets above. For
example, .138 would mean that situations #1, #3, & #7 happened.
That way, anywhere from one to all seven attributes can be encapsulated
as one single number, with any combination of these being clearly
decipherable.
From a programming perspective, do the following:
If octet >= 128 then
#7 happened
octet = octet - 128
End If
If octet >= 64 then
#6 (also?) happened
octet = octet - 64
End If
If octet >= 32 then
#5 (also?) happened
octet = octet - 23
End If
<etc>
Which is a less fancy way of saying what John Hardin said about "bitmap
the last octet"... but I thought that spelling it out this way might be
helpful for some.
--
Rob McEwen
http://dnsbl.invaluement.com/
[EMAIL PROTECTED]
+1 (478) 475-9032
