ive got a gerneral question about detection of dynamic IP pools.
I know there are lots of blacklistprovider like spamhaus and so on...
I want to know which mechanism they are using to determine an ip address as static or dynamic (from a dialin pool).
- Do they get the information via a WHOIS lookup
- or via a reverse DNS lookup and checking it against a regular expression containing "%dialin-in%"
- or from RIPE?
- or just feeding there on database by any suspect information
It would be cool if anybody could make it more clearer.