-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I have a fairly high bandwidth exit node running for about a month now that I'm having difficulty keeping off of the http://cbl.abuseat.org/ blacklist and have been informed of this listing by the VPS provider. The relay is running with a reduced exit policy -- and additionally I've blocked common mail ports, etc via IPFW so I know that no spam is actually being sent out of the relay. Still, various botnets connections are connecting to abuseat.org botnet sinkholes via port 80 Command&Control connection attempts. I'm at a loss at how to stop this or somehow detect and filter botnet traffic.
I've informed the VPS provider that I'm on top of it and have the machine configured to not actually allow this sort of malicious traffic out and they seem to be generally happy with that explanation, but a better solution if one exists would be appreciated.
Thanks,
Julian Plamann
julian (at) amity.be
GPG: 0x96881D83
-----BEGIN PGP SIGNATURE-----
Version: Mailvelope v0.13.1
Comment: https://www.mailvelope.com
wsFcBAEBCAAQBQJVcKatCRB9wOTqlogdgwAAgdYP/268o2gs1nSKVcNKQfJR
gnKQyBsduy2DZCGlSCnEmj4JJ0E9jiOsh+aBrZBknnbbwYPtwMBuctHTblXD
czQAy5DxMNUE+E9wofLQJHLUe3W43hueKGuKzVjBnnSgxKhsUS+7dH1q4dLt
KHzYdxUqQQYmmX4P9uY43/6tWeratdUF7w93cevatRpDbULMTb0j09+aeUyE
MfU2i3KK6CZXIij6oo2pndwrglHywcasFwXpmEN058SYrHlB/4QDQBl7xgyU
eELb71jxmz+vwZOyfEyj10ffwVtT/TcYKi5wOT1viDqQV9orNmlu8UOvu3xE
47zsb8M1Bt8JU19AsKmJNVS3YLH+2J5ertyi2mFM2PpSRIAQ6NzGA/zd/+Qr
MJ7pilIBpozauf/iqiZH3UFDU5UUSezqR62fSkUDuTNaSIV5Inz0gWJnqK8w
ZUMLM5xovCvWg/SqrZo0Qbry2AxOZ/l5zyhW4Jn2uioOoP+Z763FP04LcRm9
gVqfvVDNHyaAvdgKR8PSPXi2PrnNb0uEKDZLea76deWN8f2DBgfqp5hRAUOf
Mk2BD9Fk30F1RC0QH0DLm/hsgTnxDEyq+XDtD6LJiGkfiHtwPkye6pH+Qf3K
ZuonkypZqdfccY68lb2hMkLW7N/hsOf4hjUVQri/TL8V6eUMoEw0OAZLzhtZ
gv2S
=HitE
-----END PGP SIGNATURE-----
|