[SURBL-Discuss] RFC: Storm URI IPs to XS list?
Kevin A. McGrail
kmcgrail at pccc.com
Sat Aug 18 18:11:25 CEST 2007
> Am I missing something ? I thought we were talking about IP's as URL's ?
> many false positives are there likely to be when hardly anyone on dynamic
> IP's are going to be running a web server and hand out their IP as a URL ?
> And if there WERE any false positives does anyone really care ? If they
> to run a reliable web server then get a proper one. My opinion.
They aren't running it on purpose. It's a bot-network-installed web server
that runs to then serve as a landing place for others to get the payload
file. Like all those ecard emails with http://18.104.22.168/. This is
someone's machine that is infected that is sending out spams and saying,
here's a payload file.
More information about the Discuss