Hi there,
when looking through traffic analysis, I can more or less easily
identify IP addresses that exhibit bad behavior (like
massive port/address scanning, attempting to log into joomla/wp
administration URLs, POP3/SMTP account scanning, etc) which need to be
blocked. Now, since most of these
Hi Markus
So, what alternatives are there?
How about using services from Dshield
(http://www.dshield.org/howto.html) or Threatstop
(http://www.threatstop.com/IP-Reputation-Service-Overview especially
step 5)
Basically you submit your logs and they do the lookup for you and you
can benefit
Hi Markus
There are a couple of standardized abuse report forms to report incidents or
spam which can automaticly be processed by abuse desks.
Ask Google for ARF oder X-ARF
Then there is the problem of finding the abuse contacts. I agree, whois reply
parsing is absolutely ugly, especialy as
On 2013-08-23 09:43, Markus Wild wrote:
[..]
My manual approach would be to lookup whois
data for the respective IP (which by itself can be a multi step process,
since you first need to find the right registry), and look for an
abuse-contact there. But, whois isn't exactly engineered for
4 matches
Mail list logo