[SURBL-Discuss] RFC: Storm URI IPs to XS list?

Kevin A. McGrail kmcgrail at pccc.com
Sat Aug 18 18:11:25 CEST 2007


> Am I missing something ? I thought we were talking about IP's as URL's ?
> How many false positives are there likely to be when hardly anyone on
> dynamic IP's are going to be running a web server and hand out their IP
> as a URL ? And if there WERE any false positives does anyone really care ?
> If they want to run a reliable web server then get a proper one. My opinion.

They aren't running it on purpose.  It's a bot-network-installed web server 
that runs to then serve as a landing place for others to get the payload 
file.  Like all those ecard emails with http://123.123.123.123/.  This is 
someone's machine that is infected that is sending out spams and saying, 
here's a payload file.

Regards,
KAM 
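
A defensive sketch of how a filter could pull IP-literal URL hosts out of a message body as candidates for the kind of list discussed in this thread. This is an added example, not part of the original message and not SURBL's code; the function name `ip_literal_hosts` and the sample body are constructed here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Candidate http(s) URLs in a message body; trailing punctuation is trimmed below.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample body: the IP-literal URL form quoted in the thread (twice),
# a private address, and an ordinary domain name.
SAMPLE_BODY = """\
You have received an ecard! View it at http://123.123.123.123/.
Mirror: http://123.123.123.123:8080/ecard.exe
Internal test link http://192.168.1.10/index.html
Our site: http://www.example.com/cards
"""


def ip_literal_hosts(body):
    """Return sorted, de-duplicated public IPv4 addresses used as URL hosts."""
    found = set()
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:!?)")
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue  # malformed URL, nothing to look up
        if not host:
            continue
        try:
            addr = ipaddress.IPv4Address(host)
        except ValueError:
            continue  # a domain name, not a dotted-quad IP literal
        # Private, loopback and reserved ranges are never worth listing:
        # they only produce false positives.
        if addr.is_global:
            found.add(addr)
    return [str(a) for a in sorted(found)]


if __name__ == "__main__":
    for ip in ip_literal_hosts(SAMPLE_BODY):
        print(ip)
```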


