[Dshield] DOS by Sorbs?
David Cary Hart
DShield at TQMcube.com
Thu Dec 22 14:17:59 GMT 2005
On Thu, 22 Dec 2005 12:58:02 +1300
"martin forest" <martin at forest.gen.nz> opined:
> Greetings all
> Are there many of you that have been "cornered" by Sorbs in Australia?
> Suddenly, we started to receive complaints from users that we were on an
> RBL list. And when I looked at it, we have been listed by Sorbs as a spam
> site. After analysing the issue, it turns out that the complaint made to
> Sorbs is faked/false and no warning was given to us. Basically, I
> contacted the remote user (in Finland) that the complaint was referring to
> and he have never heard of it. I also contacted our user, who the email
> “was sent from”. As most of you probably is guessing by now, a classical
> spoofed email.
That's not how SORBS works. They identify only the client connection so, unless
you have either an exploited machine or an open relay, false positives on the
spam list are virtually impossible. Neither 126.96.36.199 nor 188.8.131.52
are listed. Which IP are you referring to?
Our DNSRBL -
Eliminate Spam: http://www.TQMcube.com/spam_trap.php
Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
Zombie Graphs: http://www.TQMcube.com/zombies.php
More information about the list