[ previous ] [ next ] [ threads ]
 
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <mono at centrum dot sk>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] DNS Blacklist
 Date:  Thu, 27 Jan 2005 23:24:02 -0000 
> i have a network of xx PCs with one public IP, where all PCs 
> are behind a NAT.
> But our public IP is listed in BlackList on SORBS /      
> http://www.dnsbl.sorbs.net/. Is possible to find out whoch 
> compoter in network caused this? Which compoter is smap attacker?

You may find it's nothing to do with any of your clients at all.

Is your internet connection on a static IP, or part of a dynamic IP range
your ISP leases? SORBS is one of the more... draconian DNS blocklists and
has a nasty habit of listing all sorts of stuff that doesn't necessarily
have the slightest thing to do with spam. It may be that your IP isn't
actually in the main blocklist at all, but is being picked up as in a
dynamic IP range. See this faq:
http://www.dnsbl.nl.sorbs.net/faq/dul.shtml

And here, at the bottom there's some stuff about SPEWS (which makes SORBS
look like a tame puppy by comparison):
http://www.dnsbl.nl.sorbs.net/using.shtml

Looks like SPEWS isn't included in the aggregate zone, but I guess the
others (which includes the DUL) are. Might be worth talking to your ISP if
this is a real problem.

FWIW, I don't like SORBS at all. You'd never have guessed, would you? ;-)

Regards,

Chris
-- 
C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969   ICQ: 13350579
AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!: Minotaur_Chris
This email is made from 100% recycled electrons