Tor nodes blocked by e-gold

Michael Holstein michael.holstein at csuohio.edu
Fri Apr 27 18:51:28 UTC 2007


(gaak .. make that 759 queries, 709 NXDOMAIN, and 48 that appear somehow 
.. the rest of what's below is correct).

~Mike.

Michael Holstein wrote:
>> SORBS marks TOR servers as zombie spammers I believe.
> 
> Um, in the interest of settling this argument :
> 
> grep router cached-routers | grep -v signature | awk '{split($3,o,"."); print "host " o[4]"."o[3]"."o[2]"."o[1]".dnsbl.sorbs.net"}' | sh
> 
> (most return NXDOMAIN, meaning not listed by SORBS). The ones that do, 
> return the database in which they're listed as the last octet.
> 
> http.dnsbl.sorbs.net           127.0.0.2
> socks.dnsbl.sorbs.net          127.0.0.3
> misc.dnsbl.sorbs.net           127.0.0.4
> smtp.dnsbl.sorbs.net           127.0.0.5
> new.spam.dnsbl.sorbs.net       127.0.0.6
> recent.spam.dnsbl.sorbs.net    127.0.0.6
> old.spam.dnsbl.sorbs.net       127.0.0.6
> spam.dnsbl.sorbs.net           127.0.0.6
> escalations.dnsbl.sorbs.net    127.0.0.6
> web.dnsbl.sorbs.net            127.0.0.7
> block.dnsbl.sorbs.net          127.0.0.8
> zombie.dnsbl.sorbs.net         127.0.0.9
> dul.dnsbl.sorbs.net            127.0.0.10
> badconf.rhsbl.sorbs.net        127.0.0.11
> nomail.rhsbl.sorbs.net         127.0.0.12
> 
> Of the 887 IPs I have in my cached-routers file, 709 return NXDOMAIN. 
> The others :
> 
>  0    http.dnsbl.sorbs.net
>  0    socks.dnsbl.sorbs.net
>  0    misc.dnsbl.sorbs.net
>  0    smtp.dnsbl.sorbs.net
>  2    *.spam.dnsbl.sorbs.net
>  0    web.dnsbl.sorbs.net
>  0    block.dnsbl.sorbs.net
>  0    zombie.dnsbl.sorbs.net
> 46    dul.dnsbl.sorbs.net
>  0    badconf.rhsbl.sorbs.net
>  0    nomail.rhsbl.sorbs.net
> 
> So, according to SORBS, they're blacklisted because they're in dynamic 
> IP ranges.
> 
> Cheers,
> 
> Michael Holstein CISSP GCIA
> Information Security Administrator
> Cleveland State University
> 
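
The survey described in the message, as an added Python example that is not part of the original post: it pulls addresses from `router` lines, builds the DNSBL query name (DNSBL zones are queried with the IPv4 octets reversed), and maps the 127.0.0.x answer to the list names given above. The function names, the injectable `resolve` parameter (so the tally can run offline) and the sample descriptor lines are constructed for illustration; only the first A record is examined.

```python
import ipaddress
import socket
from collections import Counter

# Return codes as listed in the message above (last octet of 127.0.0.x).
SORBS_CODES = {2: "http", 3: "socks", 4: "misc", 5: "smtp", 6: "spam",
               7: "web", 8: "block", 9: "zombie", 10: "dul",
               11: "badconf", 12: "nomail"}

def router_ips(descriptor_text):
    """Yield the address field of each 'router <nick> <addr> ...' line."""
    for line in descriptor_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "router":
            try:
                yield str(ipaddress.IPv4Address(fields[2]))
            except ipaddress.AddressValueError:
                continue  # malformed address: skip rather than query it

def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """Query name = IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolver(name):
    """First A record as a string, or None when the lookup fails (NXDOMAIN)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def classify(answer):
    if answer is None:
        return "not listed"
    addr = ipaddress.IPv4Address(answer)
    if addr not in ipaddress.ip_network("127.0.0.0/24"):
        return "unexpected answer"  # e.g. a resolver that rewrites NXDOMAIN
    return SORBS_CODES.get(int(addr) & 0xFF, "unknown code")

def tally(descriptor_text, resolve=system_resolver):
    names = (dnsbl_name(ip) for ip in router_ips(descriptor_text))
    return Counter(classify(resolve(n)) for n in names)

# Constructed sample in cached-routers style (documentation addresses).
SAMPLE = """router relayA 192.0.2.10 9001 0 9030
router-signature
router relayB 198.51.100.7 443 0 80
router relayC 203.0.113.99 9001 0 0
router broken 999.1.2.3 9001 0 0
"""
```

Calling `tally(open("cached-routers").read())` uses the system resolver; pass a dictionary's `.get` as `resolve` to replay recorded answers instead.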


