[Dshield] DOS by Sorbs?

David Cary Hart DShield at TQMcube.com
Thu Dec 22 14:17:59 GMT 2005


On Thu, 22 Dec 2005 12:58:02 +1300
"martin forest" <martin at forest.gen.nz> opined:
> Greetings all
> 
> Are there many of you that have been "cornered" by Sorbs in Australia?
> Suddenly, we started to receive complaints from users that we were on an  
> RBL list. And when I looked at it, we have been listed by Sorbs as a spam  
> site. After analysing the issue, it turns out that the complaint made to  
> Sorbs is faked/false and no warning was given to us. Basically, I  
> contacted the remote user (in Finland) that the complaint was referring to  
> and he have never heard of it. I also contacted our user, who the email  
> “was sent from”. As most of you probably is guessing by now, a classical  
> spoofed email.
> 
That's not how SORBS works. They identify only the client connection so, unless
you have either an exploited machine or an open relay, false positives on the
spam list are virtually impossible. Neither 130.195.86.23 nor 130.195.86.22
are listed. Which IP are you referring to?
-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
              GeoGraphics: http://www.TQMcube.com/origins.php


More information about the list mailing list