On Fri, Mar 15, 2013 at 02:39:17PM -0500, David B Funk wrote:
> On Fri, 15 Mar 2013, Christian Recktenwald wrote:
>
> >On Fri, Mar 15, 2013 at 10:38:53AM -0500, Dave Funk wrote:
> >>On Fri, 15 Mar 2013, Kevin A. McGrail wrote:
> >>
> >>>On 3/15/2013 9:17 AM, Tom Kinghorn wrote:
> >>> On 15/03/2013 15:11, Christopher Nido wrote:
> >>>
> >>>
> >>>http://www.naturalstonesinc-munged.com/aah/pabfjd/pgrezs
> >
> >>... listing the URLs in some kind of RBL will be probelmatic for FPs.
> >
> >not really: The part 'aah/pabfjd/pgrezs' is most likely[tm] not
> >used in normal operation of this site.
>
> The whole raison-detre for RBLs is that they're lists that can be
> implemented via the DNS system (created, updated, distributed, queried,
> etc).
> As such they can -only- contain IP addresses or hostnames, NOT URLs.
that's not exactly right. I've been distributing other data via
DNS for quite some years now like temperature[1], OUIs (mac addresses
prefixes)[2]
and originating time stamps[3] just to name some.
For demonstration purposes please just try:
dig +short txt
http://www.naturalstonesinc-munged.com/aah/pabfjd/pgrezs.url.rbl.citecs.de.
you would get
"1363389581"
which is the epoch timestamp[3] the entry was created.
Why does this work? It's because it uses TXT records, not A or PTR
records. Maybe there would be some funny characters I did not think of
right now - then, some quoting would help.
Creating another rbl providing compromized email addresses would be the
same thing.
So, this was the easy part.
More challenging (at least to me): where would one collect the data to
constantly feed this lists? Some kind of honeypot or something?
[1] dig +short txt janus.temp.citecs.de
This is the actual outside temperature near where I live, updated
every minute.
[2] dig +short txt 00:00:00.eth.citecs.de.
[3] So, there's an additional benefit to publish the timestamp the entry
was created: the one using the rbl may decide by herself how old
entries they wish to rely on - some feature most other rbls don't provide.
If there are reasonable suggestions I could provide a DNS with dynamic
updating for a test or even production if it turns out to work.
