Can someone contact openrbl.org and get them to add SURBL to the query?
I use this tool quite often!
Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
On Friday, April 16, 2004, 1:16:58 PM, Chris Santerre wrote:
Can someone contact openrbl.org and get them to add SURBL to the query?
Hi Chris, in principle I agree it could be good to be in openrbl.org, but I also wonder if being listed among the other RBLs might give people the wrong impression they can plug SURBLs into code that looks at headers and not message bodies.
Comments anyone?
Jeff C.
P.S. Please consider joining our discussion list.
On Friday, April 16, 2004, 1:16:58 PM, Chris Santerre wrote:
Can someone contact openrbl.org and get them to add SURBL to the query?
Additional info from http://www.openrbl.org/feedback :
The website openrbl.org:
* is NOT a blocklist or DNSBL
* does NOT list domains, only ip-addresses
* does NOT block mail or anything else
* does NOT remove or retest anything
* does NOT secure your mailserver
* is NOT operated at the addresses published via DNS those are only dumb proxies to protect against DDOS
Domains are what we mostly have, so if they're not listing domains, then being on openrbl.org may not be too useful.
However, does anyone think that using proxies to the real SURBL name servers might be useful to us.... (or know how to set that up?)
Jeff C.
Jeff Chan wrote:
However, does anyone think that using proxies to the real SURBL name servers might be useful to us.... (or know how to set that up?)
What exactly are you wanting to do? Are you trying to have Tier 1 and Tier 2 servers, where the 2nd level servers will cache the information and cut some of the load from the top level systems?
David
On Friday, April 16, 2004, 3:57:59 PM, David Coulson wrote:
Jeff Chan wrote:
However, does anyone think that using proxies to the real SURBL name servers might be useful to us.... (or know how to set that up?)
What exactly are you wanting to do? Are you trying to have Tier 1 and Tier 2 servers, where the 2nd level servers will cache the information and cut some of the load from the top level systems?
Hi David, I think what they're doing is setting up proxy servers to be the publicly listed web servers, where those proxies in turn forward the web requests and traffic to and from the real servers, thus providing some protection against attack.
Am I reading this correctly?
The website openrbl.org:
...
* is NOT operated at the addresses published via DNS those are only dumb proxies to protect against DDOS
I'm wondering if doing the same with DNS traffic would be possible or advisable as a way to protect the name servers. On the other hand if the proxies get DOSsed off the Internet, I'm not sure how much they would be helping at that point...
Jeff C.
Jeff Chan wrote:
I'm wondering if doing the same with DNS traffic would be possible or advisable as a way to protect the name servers. On the other hand if the proxies get DOSsed off the Internet, I'm not sure how much they would be helping at that point...
As one can have multiple NS entries for a zone, DNS has some degree of built in diversity limiting the impact of a box being dead or unavailable for a period of time. My server is not dependent upon Bill Stearns' being up, only that I can continue to rsync frequently for updates, and even if I can't rsync, I can still serve whatever I last grabbed.
As long as you have sufficient variation in your name servers registered with the root name servers, anyone wanting to DDOS SURBL would have to hit a large number of boxes.
David
Hi!
As one can have multiple NS entries for a zone, DNS has some degree of built in diversity limiting the impact of a box being dead or unavailable for a period of time. My server is not dependent upon Bill Stearns' being up, only that I can continue to rsync frequently for updates, and even if I can't rsync, I can still serve whatever I last grabbed.
As long as you have sufficient variation in your name servers registered with the root name servers, anyone wanting to DDOS SURBL would have to hit a large number of boxes.
That, combined with views in the rootservers for the surbl.org domain can be nice to have. Like Clamav mirrors currently work. Depending on the source IP you get a set of nameservers listed. Based mostly on geographic locations.
Bye, Raymond.
On Friday, April 16, 2004, 5:10:50 PM, Raymond Dijkxhoorn wrote:
As one can have multiple NS entries for a zone, DNS has some degree of built in diversity limiting the impact of a box being dead or unavailable for a period of time. My server is not dependent upon Bill Stearns' being up, only that I can continue to rsync frequently for updates, and even if I can't rsync, I can still serve whatever I last grabbed.
As long as you have sufficient variation in your name servers registered with the root name servers, anyone wanting to DDOS SURBL would have to hit a large number of boxes.
That, combined with views in the rootservers for the surbl.org domain can be nice to have. Like Clamav mirrors currently work. Depending on the source IP you get a set of nameservers listed. Based mostly on geographic locations.
OK This sounds like I should be asking our secondaries to carry the surbl.org parent domain also, right? Then I would update the root name servers to list all of them.
Please comment,
Jeff C.
Jeff Chan wrote:
OK This sounds like I should be asking our secondaries to carry the surbl.org parent domain also, right? Then I would update the root name servers to list all of them.
Yep.
David
----- Original Message ----- From: "Jeff Chan"
On Friday, April 16, 2004, 1:16:58 PM, Chris Santerre wrote:
Can someone contact openrbl.org and get them to add SURBL to the query?
Additional info from http://www.openrbl.org/feedback :
The website openrbl.org:
* is NOT a blocklist or DNSBL
* does NOT list domains, only ip-addresses
* does NOT block mail or anything else
* does NOT remove or retest anything
* does NOT secure your mailserver
* is NOT operated at the addresses published via DNS those are only dumb proxies to protect against DDOS
Domains are what we mostly have, so if they're not listing domains, then being on openrbl.org may not be too useful.
If you type a hostname into the form at www.openrbl.org it gets mapped to the corresponding ip and then the results are returned for the ip (which is no good for surbl).
The following site contains a long list of dnsbl's including a section on domain based lists (RHSBL Lists) http://www.geocities.com/spamresources/filter-dnsbl-lists.htm#domain
It might be worthwhile getting surbl added, providing it's made clear in the notes that it is intended to be queried for body checks not header checks.
However, does anyone think that using proxies to the real SURBL name servers might be useful to us.... (or know how to set that up?)
Spamhaus has probably got one of the best infrastructures to protect against DDOS. Anyone have any contacts? I remember reading that they're under continual DDOS but they never feel it. Also SORBS is another list that has held out against DDOS, IIRC.
John
Jeff C.
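[Added example, not part of any message in this thread: the header-check versus body-check distinction discussed above, shown as the DNS query names each kind of list would be asked for. The zone names ipbl.example and uribl.example, the sample message and the tiny two-level suffix set are constructed placeholders, and reducing a URI host to its registered domain is an assumption about how a domain-based list is keyed. No DNS lookups are performed.]

```python
import re
from email import message_from_string
from ipaddress import IPv4Address

IP_ZONE = "ipbl.example"    # placeholder zone for an IP-based list
URI_ZONE = "uribl.example"  # placeholder zone for a domain-based list
TWO_LEVEL = {"co.uk", "com.au"}  # constructed, deliberately incomplete

# Constructed sample message.
SAMPLE = """\
Received: from mail.sender.example ([192.0.2.25]) by mx.rcpt.example
From: someone@sender.example
Subject: offer

Visit http://shop.spamvertised.example/buy or
http://www.pills.co.uk/now today.
"""

def ip_query_names(msg):
    """Header check: relay IPs from Received lines, octets reversed."""
    names = []
    for hdr in msg.get_all("Received", []):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                IPv4Address(ip)  # skip junk such as 999.1.1.1
            except ValueError:
                continue
            names.append(".".join(reversed(ip.split("."))) + "." + IP_ZONE)
    return names

def uri_query_names(msg):
    """Body check: URI hosts in the body, reduced to the registered domain.
    IP-literal URI hosts are not handled in this sketch."""
    names = []
    for host in re.findall(r"https?://([A-Za-z0-9.-]+)", msg.get_payload()):
        labels = host.lower().rstrip(".").split(".")
        keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
        name = ".".join(labels[-keep:]) + "." + URI_ZONE
        if name not in names:
            names.append(name)
    return names

def build_queries(raw):
    """Return (header-derived IP queries, body-derived domain queries)."""
    msg = message_from_string(raw)
    return ip_query_names(msg), uri_query_names(msg)
```

[A tool that resolves a hostname to an IP and looks up only the IP produces the first kind of name, so a domain-keyed zone is never asked the question it can answer.]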
John Fawcett writes:
However, does anyone think that using proxies to the real SURBL name servers might be useful to us.... (or know how to set that up?)
Spamhaus has probably got one of the best infrastructures to protect against DDOS. Anyone have any contacts? I remember reading that they're under continual DDOS but they never feel it. Also SORBS is another list that has held out against DDOS, IIRC.
Yes, I can put you in touch -- or at least get hold of a few tips... I've asked, let's see what comes in.
--j.