[SURBL-Discuss] RFC: Storm URI IPs to XS list?
Kevin A. McGrail
kmcgrail at pccc.com
Sat Aug 18 19:45:52 CEST 2007
> On a dynamic IP with that short a TTL ? If they had a legitimate reason
> then
> most likely they would use dyndns or similar. I think the argument about
> them using IP links is a non starter. Blacklist em.
I apologize. I think I am explaining myself very poorly. Let me try one
more straightforward example:
You have two customers (A & B) of an ISP that uses DHCP. Customer A gets an
IP address, has a storm infection and sends out some emails that list his IP
address (or possibly even other machines in the P2P Storm Network).
A few minutes, hours, days, whatever later, Customer B of the same ISP gets
the same DHCP address. Customer B will now be a victim of FPs for anyone
using the list being discussed.
Regards,
KAM
More information about the Discuss
mailing list