funsec mailing list archives
Re: Comment Spam: new trends, failing counter-measures and why it's a big deal
From: Valdis.Kletnieks () vt edu
Date: Mon, 13 Feb 2006 12:27:39 -0500
On Mon, 13 Feb 2006 12:09:19 EST, Dude VanWinkle said:
You could then crawl the .info whois database for domains registered with matching information and blacklist all domains/IP's(netblock) belonging to Mr Harauzek, finding out that he regestered en masse 50 domains with duplicate whois info.
Another useful trick - blacklist all domains that share an NS entry with the offending one. If a nameserver is serving one black-hat domain, it's probably either a hijacked machine (witness the crews that do round-robin NS records out of compromised cablemodems), or it's a blackhat site. (And yes, there's a slight chance they're on a mostly white-hat NS. On the other hand, the vast majority of DNS providers have learned to be more careful about who they create zones for, just like most registrars have gotten a clue...)
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Comment Spam: new trends, failing counter-measures and why it's a big deal Gadi Evron (Feb 12)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Dude VanWinkle (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Gadi Evron (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal James Kehl (Feb 14)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Dude VanWinkle (Feb 14)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Gadi Evron (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Dude VanWinkle (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Stephen J. Smoogen (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Dude VanWinkle (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Valdis . Kletnieks (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Gadi Evron (Feb 13)
- Re: Comment Spam: new trends, failing counter-measures and why it's a big deal Dude VanWinkle (Feb 13)