
Re: Tor nodes blocked by e-gold



SORBS marks TOR servers as zombie spammers I believe.

Um, in the interest of settling this argument:

grep '^router ' cached-routers | awk '{split($3, o, "."); print "host " o[4] "." o[3] "." o[2] "." o[1] ".dnsbl.sorbs.net"}' | sh

(most return NXDOMAIN, meaning not listed by SORBS). The ones that do, return the database in which they're listed as the last octet.

          http.dnsbl.sorbs.net    127.0.0.2
         socks.dnsbl.sorbs.net    127.0.0.3
          misc.dnsbl.sorbs.net    127.0.0.4
          smtp.dnsbl.sorbs.net    127.0.0.5
      new.spam.dnsbl.sorbs.net    127.0.0.6
   recent.spam.dnsbl.sorbs.net    127.0.0.6
      old.spam.dnsbl.sorbs.net    127.0.0.6
          spam.dnsbl.sorbs.net    127.0.0.6
   escalations.dnsbl.sorbs.net    127.0.0.6
           web.dnsbl.sorbs.net    127.0.0.7
         block.dnsbl.sorbs.net    127.0.0.8
        zombie.dnsbl.sorbs.net    127.0.0.9
           dul.dnsbl.sorbs.net    127.0.0.10
       badconf.rhsbl.sorbs.net    127.0.0.11
        nomail.rhsbl.sorbs.net    127.0.0.12

Of the 887 IPs I have in my cached-routers file, 709 return NXDOMAIN. The others:

0	http.dnsbl.sorbs.net
0	socks.dnsbl.sorbs.net
0	misc.dnsbl.sorbs.net
0	smtp.dnsbl.sorbs.net
2	*.spam.dnsbl.sorbs.net
0	web.dnsbl.sorbs.net
0	block.dnsbl.sorbs.net
0	zombie.dnsbl.sorbs.net
46	dul.dnsbl.sorbs.net
0	badconf.rhsbl.sorbs.net
0	nomail.rhsbl.sorbs.net

So, according to SORBS, they're blacklisted because they're in dynamic IP ranges.

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University
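
The survey described in the message above, as an added Python example that is not part of the original post: it extracts the address from each `router` line, builds the reversed-octet DNSBL query name, and decodes the 127.0.0.x answer with the return-code table from the post. The function names and the sample descriptor lines are assumptions constructed for illustration; the live lookup uses the system resolver.

```python
import ipaddress
import socket
from collections import Counter

# Last octet of the 127.0.0.x answer -> SORBS zone, from the table in the post.
SORBS_CODES = {2: "http", 3: "socks", 4: "misc", 5: "smtp", 6: "spam", 7: "web",
               8: "block", 9: "zombie", 10: "dul", 11: "badconf", 12: "nomail"}

def router_ips(descriptor_text):
    """Yield the address field of each 'router <nick> <addr> ...' line."""
    for line in descriptor_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "router":
            try:
                yield str(ipaddress.IPv4Address(fields[2]))
            except ipaddress.AddressValueError:
                continue  # never turn a malformed field into a DNS query

def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """DNSBL convention: reverse the octets, then append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def decode(answers):
    """Map 127.0.0.x answers to zone labels; unknown codes stay visible."""
    labels = set()
    for answer in answers:
        octets = answer.split(".")
        if len(octets) == 4 and octets[:3] == ["127", "0", "0"]:
            labels.add(SORBS_CODES.get(int(octets[3]), "unknown-" + octets[3]))
    return sorted(labels)

def lookup(ip):
    """Live query. Any resolver failure is reported as not listed, so an
    outage is indistinguishable from NXDOMAIN here."""
    try:
        return socket.gethostbyname_ex(dnsbl_name(ip))[2]
    except (socket.gaierror, socket.herror):
        return []

def tally(ips, resolver=lookup):
    """Count listings per zone; an IP in several zones counts in each."""
    counts = Counter()
    for ip in ips:
        counts.update(decode(resolver(ip)) or ["not listed"])
    return counts

# Constructed sample using documentation addresses, not real relay data.
SAMPLE = ("router alpha 192.0.2.10 9001 0 9030\nrouter-signature\n"
          "router beta 198.51.100.7 443 0 80\nrouter gamma 999.1.1.1 9001 0 0\n")
```

Calling `tally(router_ips(open("cached-routers").read()))` runs the live survey; passing a different `resolver` lets the same tally run against recorded answers.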