Solved

dynamic IP pools smtp spam detection

Posted on 2008-06-17
4
324 Views
Last Modified: 2013-12-17
Hi,
ive got a gerneral question about detection of dynamic IP pools.
I know there are lots of blacklistprovider like spamhaus and so on...
I want to know which mechanism they are using to determine an ip address as static or dynamic (from a dialin pool).
- Do they get the information via a WHOIS lookup
- or via a reverse DNS lookup and checking it against a regular expression containing "%dialin-in%"
- or from RIPE?
- or just feeding there on database by any suspect information
It would be cool if anybody could make it more clearer.
Thx!"
0
Comment
Question by:netcrew
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21803491
These blacklists keep track of known IP ranges that are used for by ISP's consumer/dynamic internet accounts. These are well known and as such easily blocked.

Comcast for instance has different ranges for its business class service to which it provides static IP's and its consumer class service to which it only provides dynamic IPs.
0
 

Author Comment

by:netcrew
ID: 21804345
yes but where do they get the information from? who tells them this is a dynamic? is there a dns/ripe/whois flag, how to determine which comcast addresses are static and which one are not?
How can i get this information. Do i have to call comcast, hey comcast whats ur dialin range which is not static? or can i do a whois or reverse dns lookup and check for a flag which tells me its from a dynamic pool?
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 500 total points
ID: 21804804
Well, typically there are multiple factors.

Most Blacklists include information gathered from internet spam sensors, these keep track of which IP's they are receiving spam from, and an infected machine with a dynamic IP tends to bounce from one IP to another eventually, over time and with many infected machines, an entire IP block gets added to the list, as they are consecutive IP's the actually range can be inferred.

They may even have inside sources who contribute such information from the various ISP's directly, however I don;t think this would be officially noted in any public space.

The various blacklist companies all have their various methods that they use to determine what to and not to include that makes any specific answer impossible, but generally I belive the Spam Sensors provide the majority of their information.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OWA address for sennatech.sg domain 6 70
Exchange 2010 Public Folder move to new Exchange 2010 server. 1 48
Exchange 2013 Snap-in? 3 26
SPF record issue 6 34
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question