[SURBL-Discuss] RFC: Storm URI IPs to XS list?

Kevin A. McGrail kmcgrail at pccc.com
Sat Aug 18 19:45:52 CEST 2007

> On a dynamic IP with that short a TTL ? If they had a legitimate reason 
> then
> most likely they would use dyndns or similar. I think the argument about
> them using IP links is a non starter. Blacklist em.

I apologize.  I think I am explaining myself very poorly.  Let me try one 
more straightforward example:

You have two customers (A & B) of an ISP that uses DHCP.  Customer A gets an 
IP address, has a storm infection and sends out some emails that list his IP 
address (or possibly even other machines in the P2P Storm Network).

A few minutes, hours, days, whatever later, Customer B of the same ISP gets 
the same DHCP address.  Customer B will now be a victim of FPs for anyone 
using the list being discussed.


More information about the Discuss mailing list