On 5/10/2010 4:16 PM, Colbeck, Andrew wrote:
Hey, Pete.

I contacted one of the recipients and ran down one of those intermediate
hops which triggered on truncate.gbudb.net ... It was an intermediate
hop at AOL (rly presumably means relay)

Ok.

<snip/>

The GBU list is emitting TXT records as well as the A record, perhaps it
would be useful to actually state the IP as well in that text.

<snip/>

I suggest that if others find this valuable as well, and you find it
reasonable, that the text could look like this:

"GBUdb Cloud Truncate c>  0.2, p>  0.9 for [205.188.84.131]"


That's a useful suggestion.
We're working on the GBUdb.com site now.
We will want to include the URL in the text also.
I'll combine the two suggestions when we're ready and then change the generator code appropriately.

I'll send the whole header to support@ in case you are interested in
this particular IP.

Presumably this is causing some false positives for somebody using SNF -- though they have not been reported. For folks who want a more refined GBUdb response it would probably be useful to program drilldown directives for AOL servers. This would allow GBUdb to drill past the intermediate servers toward the original source where appropriate. Of course, if this particular intermediate server is in the position to be heavily abused by folks hacking web mail on AOL then of course its reputation is going to reflect that.

Thanks,

_M

--
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
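
The drilldown idea discussed above, as an added example that is not part of the original message and is not SNF or GBUdb code. The Received headers, the hostnames in them, the aol.com rule and the function names are constructed for illustration, and the query name assumes truncate.gbudb.net follows the usual reversed-octet DNSBL convention.

```python
import ipaddress
import re

# Constructed sample Received headers, newest hop first. Only the relay IP
# appears in the thread above; hostnames and the other address are made up.
SAMPLE_RECEIVED = [
    "from rly-constructed.mx.aol.com (rly-constructed.mx.aol.com "
    "[205.188.84.131]) by mx.recipient.example with ESMTP",
    "from mailer.example.net (mailer.example.net [198.51.100.77]) "
    "by rly-constructed.mx.aol.com with ESMTP",
]

# Hypothetical drilldown rule: hops whose reverse DNS ends in aol.com are
# treated as intermediate relays that can be drilled past.
DRILLDOWN_PATTERNS = [re.compile(r"(^|\.)aol\.com$", re.I)]

HOP_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[\d.]+)\]\)")

def parse_hop(header):
    """Return (rdns, ip) for one Received header, or None if unparseable."""
    m = HOP_RE.search(header)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return None
    # Use the rDNS recorded by the receiving server, never the HELO name,
    # because the HELO name is chosen by the sender.
    return m.group("rdns").lower(), ip

def drilldown_source(received, patterns):
    """Walk hops newest first; stop at the first one that is not a listed relay.

    Header N+1 was written by the host named in header N, so it is only
    read after header N matched a drilldown rule. Forged headers below an
    unlisted hop are never consulted.
    """
    last = None
    for header in received:
        hop = parse_hop(header)
        if hop is None:
            break  # cannot verify this hop: keep the last good one
        last = hop
        if not any(p.search(hop[0]) for p in patterns):
            break
    return last

def dnsbl_query_name(ip, zone="truncate.gbudb.net"):
    """Build the DNSBL lookup name: reversed octets followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone
```

With no drilldown rules the relay at 205.188.84.131 is the address scored; with the rule in place the lookup moves one hop back to the host that handed the message to the relay.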


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com