Slashdot Mirror
Reputation Lookup for IPs
xzap writes "ZDNet is running an article about TrustedSource.org which is a new portal that provides reputation information for IP addresses. It can be used to configure your spam filters or when deciding whether to add an unknown host to your blacklist. Dmitri Alperovitch, a research engineer at CipherTrust said "Often companies don't realize that they have zombie machines on their network that have been sending e-mail. It may be more helpful for organizations to identify which systems on their networks are sending e-mail." Users can drill down to find more information on each domain. The portal is an initiative of CipherTrust who have previously been covered on Slashdot."
This is a great idea, now if they had this for politions.
a reputation system for sites who don't try to slam you with a ginormous Flash advertisement the minute you load their site? Good Lord, and thank goodness for FlashBlock...
The World Wide Web is dying. Soon, we shall have only the Internet.
It showed my IP blocks as having raised concern, despite the fact that they're not on any black lists and I can't why it has drawn that conclusion. Also, using the domain checker, it has no knowledge of non-TLDs meaning it will treat xxx.org.uk and yyy.org.uk as the same domain - org.uk.
Tim Brown
You can bet that the spammers will look for ways to improve their standing. Being able to use a compromised computer to rank a page with positive points/karma/rating etc seems like a significant problem. If it's a negative-only system then those same compromised computers can blacklist IPs that aren't compromised, effectively reducing the 'average' past their own, leading to their own standing out as relatively whiter.
Hopefully CipherTrust will have a look at (for example) things Google has done with pagerank, and be able to address a problem that is significantly tied in with the problem it is trying to help with.
Browsing with +2 to insightful posts and a higher threshold makes the average post seen seem a lot more ingenious
Hmm. According to that database, my current IP has two traits: one, it has never been used to send spam etc. (as far as they know); and two, it is "suspicious".
Makes you wonder. If nothing ever came from this IP, then shouldn't it be "unsuspicious" or something like that (or at least "unknown")?
That being said, I wouldn't really trust a company, whose prime motivation is to make money, with things like this anyway. There's already DShield, which is a community effort, so what do we need this for?
quidquid latine dictum sit altum videtur.
Why on earth should lots of machines be able to send email from inside a corporation? Surely some smarthosts and block port 25 at the border routers is the way to go. Then a check of the logs can give you clues as to which machines are compromised.
Doesn't most of spam zombies use dynamic ip address? Then this is useless... Even worse, you can get an ip wich have been used by a zombie and this system will think you're too.
A similar site already exists: http://www.senderbase.org/
A list of Tor server IP's:
http://proxy.org/tor.shtml
Some people are bound to abuse TOR by simply being dickheads over it, comment spamming, flaming, trolling, etc.
But the benefits of a system that protects your right to free speech totally outweighs the negative.
If those dickheads negatively tarnish the Tor servers such that they become less valuable due to being second class citizens on the internet... then it is a really really bad idea.
Protect firstly that which you have, then see what you need to do to stop spammers, dickheads in general, etc.
Yes, we DO want to talk about reputation lookup for IPs.
The hurricane is horrible, for sure. It is very tragic that so many people are losing so much. I would pray for them. However, slashdot is NOT the place to discuss a hurricane.
Slashdot is technology news, not general news. If you want to submit a story about the hurricane, and it gets posted, I would gladly "get some priorities" and discuss that instead. Until then, such a discussion is flagrantly off topic.
Just because there's a disaster doesn't mean the rest of the world stands still. Life goes on, and hopefully gets better.
News for Nerds is news for nerds, not news for the south.
to accept the praise of personal wisdom is an affront to the very ideal i hold dear.
Being from a country that is considered a hotspot for spam, I naturally appreciate any effort to eradicate spam, BUT blacklists take things too far. They don't seem very effective and only serve to irritate and inconvenience people who have done nothing wrong and are using their IPs for only legitimate purposes.
This especially effects smaller ISPs and hosting providers, who get slammed despite in al ot of cases being able to prove that no spam was originating from their network and that htey have secure servers. These blacklist operators have automated systems checking the "vulnerability" of networks and adding IPs willy-nilly. This has a negligible effect on actual spammers, since they will just hop to another network when a network they are using gets blacklisted. It's almost like the gun control system in Canada, only worse since it is automated in addition to being highly inaccurate and ineffective. This new system smells too much like a hyped-up, buzzword-added blacklist for my liking.
Liberal Ontarians and French Quebecers are draining Western Canada's wealth. Stop them now! Support Western separatism.
... you should use reputation of the AS (autonomous system). An AS is a group of IP addresses that are owned (generally) by the same entity.
There may be billions of IP addresses, but not that many ASes.
I started to write a spamassassin plugin that would track the spamminess of email by AS - haven't finished yet.
Excellent box fast responce would deal with again! A++++++++++
``Why on earth should lots of machines be able to send email from inside a corporation? Surely some smarthosts and block port 25 at the border routers is the way to go.''
Hmm, I don't like that idea. It basically forces you to send your mail through an SMTP server on the same network. Most machines I use use the sendmail command, which, AFAIK, connects directly to the MX for the receiving domains. I like this behavior, because (1) it doesn't put unnecessary load on any outgoing SMTP server, (2) doesn't have a single point of failure, and (3) doesn't allow the administrator of the outgoing server to inspect/filter/modify/reject the mail I send.
How do other people feel about this?
BTW: I am aware that using an outgoing SMTP server is standard practice on Windows, that traffic that leaves the network can still be inspected/filtered/modified/rejected at the gateway, and that a gateway is also a single point of failure. The point is that having an outgoing SMTP server _adds_ a piece of infrastructure where these problems occur. Also, it's usually easier to do any kind of content processing on an SMTP server than on a router. So, considering all this, how do people feel about having or not having to use an outgoing SMTP server?
Please correct me if I got my facts wrong.
China has surpassed the US in the zombie race. According to this page: http://www.trustedsource.org/zombiemeter.php China has taken the lead. Still the US zombies are more effective since almost all spam originates from the US. You just wait until the Chineese gets the Dragon CPU up and running.
HTTP/1.1 400
For example, on the "IP" page, it said that 255.255.255.255 is sending spam, and that 224.1.2.3 "raised concern".
:-)
Of course, those are not valid unicast IP addresses.
On the other hand, 192.168.10.12 is "inoffensive". Phew!
Wow, this is almost an exact copy of Ironport's Senderbase Reputation Score!
It's better to burn out than to fade away