Educause Security Discussion mailing list archives

Re: Blacklists - URL and IP


From: James Riden <j.riden () MASSEY AC NZ>
Date: Fri, 17 Jun 2005 08:06:17 +1200

"Dennis Meharchand, CEO Valt.x" <dennis () valtx com> writes:

> Does anyone use blacklists to shut out suspected malicious URLs and
> IP addresses?

I believe Dshield.org runs such a list specifically for attacking IPs.
Otherwise CBL lists what I would call 'malicious' - i.e. probably
compromised - IP addresses as opposed to some of the other lists which
just aim to cover spam sources.

> If so we would appreciate knowing which ones or referral to a
> comprehensive list of blacklists.

www.openrbl.org will query most of them.

> It appears that hackers have been spoofing our email addresses as
> they are unable to break through our security products – Cyber
> Secure Hard Disk Drives.

I don't understand what you're saying here.

> In particular they seem to like to break into other security company
> computers and send emails to us showing that they are spoofing our
> addresses from Fortress Technologies, Symantec, McAfee … etc. We
> would like to make sure that we don’t end up on lists erroneously.

This sounds bizarre. Would you mind posting an example with full
headers? I'm wondering if it's due to the virus du jour.

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
