[SURBL-Discuss] RFC: Storm URI IPs to XS list?

Kevin A. McGrail kmcgrail at pccc.com
Sat Aug 18 18:11:25 CEST 2007

> Am I missing something? I thought we were talking about IPs as URLs? How
> many false positives are there likely to be when hardly anyone on dynamic
> IPs are going to be running a web server and hand out their IP as a URL?
> And if there WERE any false positives does anyone really care? If they want
> to run a reliable web server then get a proper one. My opinion.

They aren't running it on purpose.  It's a bot-network-installed web server 
that runs to then serve as a landing place for others to get the payload 
file.  Like all those ecard emails with  This is 
someone's machine that is infected that is sending out spams and saying, 
here's a payload file.

