...
On Wednesday, April 6, 2005, 11:54:56 AM, Patrik Nilsson wrote:
At 01:26 2005-04-06 -0700, Jeff Chan wrote:
Raymond, Paul and others, please LART them.
We're not going to blacklist zdnet.
It's not zdnet, it's chkpt.zdnet.com.
Does chkpt.zdnet.com show up in ham?
http://groups-beta.google.com/groups?q=%22chkpt.zdnet.com%22&start=10&am...
Are we still 100% opposed to trying to find a way to include sub-domains in surbls?
Patrik
It's possible to list subdomains, but this one chkpt.zdnet.com would still probably not be appropriate since it probably has legitimate uses. Also subdomains may not be checked by SURBL applications.
Jeff C.
"If it appears in hams, then don't list it."
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
It is actually worse than a subdomain. If it were a simple "static" name, maybe you could list the IP. But it is a CNAME with a five minute TTL, and it *does* seem to change regularly!
% dig chkpt.zdnet.com any @ns.cnet.com

; <<>> DiG 9.3.0 <<>> chkpt.zdnet.com any @ns.cnet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18416
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;chkpt.zdnet.com.          IN    ANY

;; ANSWER SECTION:
chkpt.zdnet.com.     300   IN    CNAME   c10-dw-xw-lb.cnet.com.

;; AUTHORITY SECTION:
zdnet.com.           86400 IN    NS      ns.cnet.com.
zdnet.com.           86400 IN    NS      ns2.cnet.com.
zdnet.com.           86400 IN    NS      ns3.cnet.com.

;; ADDITIONAL SECTION:
ns.cnet.com.         86400 IN    A       216.239.126.10
ns2.cnet.com.        86400 IN    A       206.16.0.71
ns3.cnet.com.        86400 IN    A       216.239.120.69

;; Query time: 19 msec
;; SERVER: 216.239.126.10#53(ns.cnet.com)
;; WHEN: Thu Apr 7 07:58:20 2005
;; MSG SIZE rcvd: 166

% dig c10-dw-xw-lb.cnet.com any @ns.cnet.com

; <<>> DiG 9.3.0 <<>> c10-dw-xw-lb.cnet.com any @ns.cnet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46613
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;c10-dw-xw-lb.cnet.com.          IN    ANY

;; ANSWER SECTION:
c10-dw-xw-lb.cnet.com.     300   IN    A       216.239.115.143

;; AUTHORITY SECTION:
cnet.com.            86400 IN    NS      ns.cnet.com.
cnet.com.            86400 IN    NS      ns2.cnet.com.
cnet.com.            86400 IN    NS      ns3.cnet.com.

;; ADDITIONAL SECTION:
ns.cnet.com.         86400 IN    A       216.239.126.10
ns2.cnet.com.        86400 IN    A       206.16.0.71
ns3.cnet.com.        86400 IN    A       216.239.120.69

;; Query time: 20 msec
;; SERVER: 216.239.126.10#53(ns.cnet.com)
;; WHEN: Thu Apr 7 07:58:51 2005
;; MSG SIZE rcvd: 156
Yesterday (or the day before), it pointed at a different IP. I still think the only effective LART is a short message, and forward the problem email to the CNet editors (but maybe someone else can find a person at CNet to listen - I can't).
Meanwhile, if they don't do something soon - I promise when I own cnet.com and zdnet.com, there will not be any redirectors :)
Paul Shupak track@plectere.com
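
[Added example, not part of the thread and not SURBL's own code: it walks the two answer records from the dig output above to show that the address behind chkpt.zdnet.com is only good for 300 seconds, and that a client which looks up only the registered domain would query zdnet.com for this host. The function names and the small TWO_LEVEL_TLDS set are assumptions made for illustration.]

```python
# Added example (not from the thread). RECORDS is copied from the answer
# sections of the dig output above; TWO_LEVEL_TLDS is a tiny constructed sample.
RECORDS = """\
chkpt.zdnet.com.        300 IN CNAME c10-dw-xw-lb.cnet.com.
c10-dw-xw-lb.cnet.com.  300 IN A     216.239.115.143
"""
TWO_LEVEL_TLDS = {"co.uk", "com.au"}  # assumption: a real client ships a full list


def parse_records(text):
    """Map owner name -> (ttl, rtype, rdata) from dig answer lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN":
            name, ttl, _, rtype, rdata = parts
            table[name.rstrip(".").lower()] = (int(ttl), rtype, rdata.rstrip("."))
    return table


def resolve(host, table, max_hops=8):
    """Follow CNAMEs to an A record; return (ip, chain, min_ttl)."""
    chain, min_ttl = [host], None
    for _ in range(max_hops):  # bound the walk so a CNAME loop cannot hang us
        if chain[-1] not in table:
            return None, chain, min_ttl
        ttl, rtype, rdata = table[chain[-1]]
        min_ttl = ttl if min_ttl is None else min(min_ttl, ttl)
        if rtype == "A":
            return rdata, chain, min_ttl
        if rtype != "CNAME":
            return None, chain, min_ttl
        chain.append(rdata.lower())
    raise ValueError("CNAME chain too long or looping")


def surbl_key(host):
    """Reduce a URI host to the registered domain a client would look up."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_TLDS else 2
    return ".".join(labels[-keep:])


if __name__ == "__main__":
    ip, chain, ttl = resolve("chkpt.zdnet.com", parse_records(RECORDS))
    print("lookup key:", surbl_key("chkpt.zdnet.com"))
    print("chain:", " -> ".join(chain), "->", ip, "| valid for", ttl, "s")
```
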
Based on what you've described below, I'm guessing you've found their load balancer.
chkpt.zdnet.com. 300 IN CNAME c10-dw-xw-lb.cnet.com.
They're a pretty big site - I'd bet they have geographical load balancers and DNS.
The short TTL is normal for this type of configuration.
John Delisle, CISA
Senior Network Analyst, Network and Security Team
Information Systems & Technology Management Dept.
Ceridian Canada Ltd
600 - 125 Garry St
Winnipeg, MB R3C 3P2
204-975-5909
List Mail User track@Plectere.com
Sent by: discuss-bounces@lists.surbl.org
04/07/2005 10:04 AM
Please respond to SURBL Discussion list discuss@lists.surbl.org
To discuss@lists.surbl.org, jeffc@surbl.org
cc track@Plectere.com
Subject Re: [SURBL-Discuss] More spams with Zdnet redirector