North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BL of Compromised Hosts?

  • From: Andrew - Supernews
  • Date: Sun Feb 22 17:56:50 2004

>>>>> "Avleen" == Avleen Vig <[email protected]> writes:

 >> Would anyone be interested in receiving a text or BGP feed of IPs of 
 >> hosts known/suspected to be compromised and used as parts of DDOS 
 >> attacks? Would anyone be interested in contributing their BGP views?

 Avleen> Hey Deepak,

 Avleen> It's not a BGP feed, but take a look at:

It also has nothing to do with DDoS attacks; it's intended use is only
for blocking email traffic. The XBL incorporates the CBL, and the CBL
team does not support the use of its data for purposes other than
blocking incoming SMTP traffic. The reason for this is that the CBL
lists a very large number of dynamic IPs, and has a very long
expiration time (months). Accordingly, using it to block general
traffic will have a high false-positive rate.

Andrew, Supernews