Nmap Development mailing list archives
Re: dns-blacklist false positive? (list.quorum.to)
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 11 Mar 2012 10:41:45 +0100
On Fri, Mar 9, 2012 at 8:57 PM, David Fifield <david () bamsoftware com> wrote:
On Fri, Mar 09, 2012 at 11:53:18AM -0800, David Fifield wrote:I get this when running dns-blacklist against scanme.nmap.org: Host script results: | dns-blacklist: | SPAM |_ list.quorum.to - SPAM But I did a search using their web interface at http://www.quorum.to/pubsearch, and they have no record of scanme.nmap.org.According to http://www.quorum.to/publicbl.html, a host not in their database is "blocked because it has never been seen to send mail." Maybe we should remove this list then? It's going to report SPAM for virtually all IP addresses. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Thanks for finding this David. I checked the source and found some comment about a problem with quorum.to incorrectly returning a 127.0.0.0 when hosts are not listed. I change the code to make sure that the response is not 127.0.0.0 and only then list the host as SPAM. I confirmed this was working by running a few IPs of this list against it: http://www.spamhaus.org/sbl/listings/chinanet-zj It seems to be working as expected and scanme.nmap.org does not turn up as blacklisted anymore. I've committed the change as r28270. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- dns-blacklist false positive? (list.quorum.to) David Fifield (Mar 09)
- Re: dns-blacklist false positive? (list.quorum.to) David Fifield (Mar 09)
- Re: dns-blacklist false positive? (list.quorum.to) Patrik Karlsson (Mar 11)
- Re: dns-blacklist false positive? (list.quorum.to) David Fifield (Mar 11)
- Re: dns-blacklist false positive? (list.quorum.to) Patrik Karlsson (Mar 12)
- Re: dns-blacklist false positive? (list.quorum.to) David Fifield (Mar 12)
- Re: dns-blacklist false positive? (list.quorum.to) Patrik Karlsson (Mar 11)
- Re: dns-blacklist false positive? (list.quorum.to) David Fifield (Mar 09)