Yahoo Groups archive

Milter-greylist


Re: [milter-greylist] "Dark-grey"listing dynamic IP address

2006-04-06 by Gingko

----- Original Message ----- 
From: "Kai Schaetzl" <maillists@...>
To: <milter-greylist@yahoogroups.com>
Sent: Thursday, April 06, 2006 2:31 AM
Subject: Re: [milter-greylist] "Dark-grey"listing dynamic IP address


> wrote on Wed, 5 Apr 2006 23:58:27 +0200:
>
>> Filtering on reverse DNS name with three 0-255 numbers sounds therefore
>> a good idea.
>
> Very shortly you will see that there is *lots* of dynamic IP space which
> will not fit that scheme at all. Or they don't have PTR records at all.

If they don't use this scheme, they should certainly use another one (more 
or less recognizable), as I can't imagine them inventing a nice name for 
every address of their dynamic address space.

Unless they don't have any reverse DNS at all, but this is by itself another 
reason to make them suspicious ...

Maybe just trying to locate the less significant byte of the IP address 
inside the reverse DNS name, in either decimal or hexadecimal format could 
give better results ...

Some more or less difficult examples that I can find in my logs:

212.17.81.39    -> chello212017081039.8.15.vie.surfer.at
87.3.233.113    -> host113-233.pool873.interbusiness.it
201.50.35.165   -> 20150035165.user.veloxzone.com.br
80.140.214.127  -> p508CD67F.dip.t-dialin.net           (hexadecimal IP !)
87.49.199.251   -> 0x5731c7fb.sgnxx4.adsl-dhcp.tele.dk  (hexadecimal IP !)
83.24.252.112   -> dto112.neoplus.adsl.tpnet.pl         (only last number included)

84.24.250.62    -> cp530967-a.tilbu1.nb.home.nl         (this one maybe difficult to recognize ...)
142.166.231.113 -> nwcsts11c108.nbnet.nb.ca             (same thing here)

Anyway, even if lots of dynamic IP spaces don't fit the scheme, it looks 
like a vast majority of them do ... this is still a way to narrow 
down their identification ...

(and maybe, in the future, this will encourage some ISPs to decide to rename 
their dynamic pools that way, so they can be more easily detected by 
greylisting machines?)

> Also, there are already very good RBLs which contain dynamic IP space,
> f.i. SORBS has a lot of them and they are very reliable.

Of course, alternately these published lists of dynamic addresses can 
also be used for making the same decisions.
Why not implement both techniques together?

Gingko
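
The heuristic described in the message above (looking for the client address inside its reverse DNS name, in decimal or hexadecimal), sketched as an added Python example. It is not part of the original message or of milter-greylist; the function names and result labels are assumptions chosen for illustration.

```python
import re

# (IP, PTR) pairs quoted in the message above.
SAMPLES = [
    ("212.17.81.39", "chello212017081039.8.15.vie.surfer.at"),
    ("87.3.233.113", "host113-233.pool873.interbusiness.it"),
    ("201.50.35.165", "20150035165.user.veloxzone.com.br"),
    ("80.140.214.127", "p508CD67F.dip.t-dialin.net"),
    ("87.49.199.251", "0x5731c7fb.sgnxx4.adsl-dhcp.tele.dk"),
    ("83.24.252.112", "dto112.neoplus.adsl.tpnet.pl"),
    ("84.24.250.62", "cp530967-a.tilbu1.nb.home.nl"),
    ("142.166.231.113", "nwcsts11c108.nbnet.nb.ca"),
]

def _all_octets(octets):
    # Octets in the given order, each optionally zero-padded, optionally
    # separated by "." or "-", and not embedded in a longer digit run.
    body = r"[.-]?".join(rf"0{{0,2}}{o}" for o in octets)
    return re.compile(rf"(?<!\d){body}(?!\d)")

def ptr_embeds_ip(ip, ptr):
    """Return 'no-ptr', 'hex', 'decimal', 'last-octet' or None."""
    host = (ptr or "").lower().rstrip(".")
    if not host:
        return "no-ptr"  # missing reverse DNS is its own signal
    octets = [int(o) for o in ip.split(".")]
    # Whole address written as eight hexadecimal digits.
    if "".join(f"{o:02x}" for o in octets) in host:
        return "hex"
    # All four octets in decimal, in forward or reversed order.
    if _all_octets(octets).search(host) or _all_octets(octets[::-1]).search(host):
        return "decimal"
    # Weakest signal: a whole digit run equal to the last octet.
    if octets[3] in (int(run) for run in re.findall(r"\d+", host)):
        return "last-octet"
    return None

def classify_samples():
    return {ip: ptr_embeds_ip(ip, ptr) for ip, ptr in SAMPLES}

if __name__ == "__main__":
    for ip, kind in classify_samples().items():
        print(f"{ip:15} {kind}")
```

The `last-octet` class also fires on a name such as `mail1.example.org` for an address ending in `.1` (constructed case), so it is better treated as a reason for a longer greylisting delay than as a verdict on its own.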
