On a dynamic IP with that short a TTL? If they had a legitimate reason then most likely they would use dyndns or similar. I think the argument about them using IP links is a non-starter. Blacklist 'em.
I apologize. I think I am explaining myself very poorly. Let me try one more straightforward example:
You have two customers (A & B) of an ISP that uses DHCP. Customer A gets an IP address, has a Storm infection and sends out some emails that list his IP address (or possibly even other machines in the P2P Storm Network).
A few minutes, hours, days, whatever later, Customer B of the same ISP gets the same DHCP address. Customer B will now be a victim of FPs for anyone using the list being discussed.
Regards, KAM