Hey everyone, I'm just getting back from vacation now, catching up on email.
GrayHat wrote:
>
> Yes, at a bare minimum, using the DNS interface you'll be able to
> perform standard RBL queries, then, if you use the "client module"
> you'll be able to feed to KS as much data you have and retrieve
> a "weighted response" which may help cutting the time needed to
> check a given incoming message
>

Here are a couple examples of the kind of query response you can get when you use the client module.

20070730-14:09:39 [EMAIL PROTECTED]:~% karmaclient --tcp --composite=karmasphere.manywl --domain=yahoo.com
Response id 'mkc0': ???ms, 1 combinations, 5 facts
Combiner 'karmasphere.manywl': verdict 1000 (mailzone.dnswl=1000*1000.0 mailzone.wl5=1000*1000.0 mailzone.wl6=1000*1000.0 uribl.domain-white=1000*1000.0 verisign.securedsitelist=1000*1000.0)
Feed 'mailzone.dnswl': identity 'yahoo.com' opinion 1000 (Listed in dnswl.mailzone.com)
Feed 'mailzone.wl5': identity 'yahoo.com' opinion 1000 (Listed in wl5.mailzone.com)
Feed 'uribl.domain-white': identity 'yahoo.com' opinion 1000 (Whitelisted, see http://lookup.uribl.com/?domain=$)
Feed 'verisign.securedsitelist': identity 'yahoo.com' opinion 1000 (null data)
Feed 'mailzone.wl6': identity 'yahoo.com' opinion 1000 (Listed in Meng's whitelist)

20070730-14:09:43 [EMAIL PROTECTED]:~% karmaclient --tcp --composite=karmasphere.email-sender --ip4=127.0.0.2
Response id 'mkc0': ???ms, 1 combinations, 12 facts
Combiner 'karmasphere.email-sender': verdict -1000 (abuseat.cbl: if-bad(0) => return-bad(1.0))
Feed 'spamcop.bl': identity '127.0.0.2' opinion -1000 (Blocked - see http://www.spamcop.net/bl.shtml?$)
Feed 'cymru.bogons': identity '127.0.0.2' opinion -1000 (Invalid source IP address (cymru))
Feed 'uribl.ip-grey': identity '127.0.0.2' opinion -1000 (Greylisted, see http://lookup.uribl.com/?domain=$)
Feed 'abuseat.cbl': identity '127.0.0.2' opinion -1000 (Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=$)
Feed 'virbl.blacklist': identity '127.0.0.2' opinion -1000 (VIRBL test entry)
Feed 'dsbl.list': identity '127.0.0.2' opinion -1000 (http://dsbl.org/listing?$)
Feed 'njabl.dnsbl': identity '127.0.0.2' opinion 1000 (open relay -- 1008601823)
Feed 'trusted-forwarder.ips': identity '127.0.0.2' opinion 1000 (Listed in trusted-forwarder.org)
Feed 'returnpath.senderscorecertified': identity '127.0.0.2' opinion 1000 (Listed in ReturnPath Sender Score Certified)
Feed 'sorbs.safe': identity '127.0.0.2' opinion -1000 (Low false positive zone See: http://www.sorbs.net/lookup.shtml?$)
Feed 'uribl.ip-black': identity '127.0.0.2' opinion -1000 (Blacklisted, see http://lookup.uribl.com/?domain=$)
Feed 'tqmcube.dhcp': identity '127.0.0.2' opinion -1000 (TEST record. See http://tqmcube.com)

GrayHat wrote:
>
> heh.. that may be possible, as it may be possible for KS to go
> commercial and only offer their services to paying customers
> but... that doesn't apparently seem to be their business model
> at least not at the moment; again, I'd like to know more about
> who is behind KS, all I can say for the moment is that it seems
> to be working.. and working well enough
>

I'm behind KS. The SPF / DK movement showed us that authentication is not enough; you need reputation as well, to keep track of the good guys and bad guys. So I built Karmasphere to provide reputation.

One thing KS provides is simplicity. There are so many DNSBLs out there, we're at the point where if reputation is to take off, it'll help to have a one-stop-shop for reputation queries, so that the next time an Osirusoft or ORDB goes dark, admins everywhere won't have to scramble to update their config files.

KS also encourages the development of domain whitelists. IP blacklists are getting kind of old; I believe that domain whitelists are the next step. So Karmasphere supports that.

KS is also bringing up some next-generation tools that make it easy to research the reputation of any URL or domain. A couple of examples:

http://labs.karmasphere.org/dp/
http://www.karmasphere.com/help/faq/visibl

Finally, I know that no reputation system is perfect. I want to point out that "karmasphere.email-sender" is just one feedset; other combinations of feeds are equally possible. In the spirit of Web 2.0, if you don't like a particular feedset, you can go ahead and clone it and tweak it. If you don't agree with a particular feed, you can upload your own whitelists and blacklists. So in that sense KS is like the Flickr of DNSBLs/DNSWLs.

--
View this message in context: http://www.nabble.com/KarmaSphere%3A-an-idea-for-ASSP---tf4130838.html#a11884430
Sent from the assp-user mailing list archive at Nabble.com.

_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
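
Added example, not part of the original message and not Karmasphere's own code: a small parser for the karmaclient text output quoted above, which also lists the feeds whose opinion disagrees with the combiner's verdict. The line formats are inferred only from the two sample responses in the message; the function names are hypothetical.

```python
import re

# Line shapes inferred from the two karmaclient responses quoted in the message.
COMBINER_RE = re.compile(r"^Combiner '([^']+)': verdict (-?\d+) \((.*)\)$")
FEED_RE = re.compile(r"^Feed '([^']+)': identity '([^']+)' opinion (-?\d+) \((.*)\)$")

# Abridged copy of the 127.0.0.2 (test entry) response from the message.
SAMPLE = """\
Response id 'mkc0': ???ms, 1 combinations, 12 facts
Combiner 'karmasphere.email-sender': verdict -1000 (abuseat.cbl: if-bad(0) => return-bad(1.0))
Feed 'spamcop.bl': identity '127.0.0.2' opinion -1000 (Blocked - see http://www.spamcop.net/bl.shtml?$)
Feed 'abuseat.cbl': identity '127.0.0.2' opinion -1000 (Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=$)
Feed 'njabl.dnsbl': identity '127.0.0.2' opinion 1000 (open relay -- 1008601823)
Feed 'trusted-forwarder.ips': identity '127.0.0.2' opinion 1000 (Listed in trusted-forwarder.org)
Feed 'sorbs.safe': identity '127.0.0.2' opinion -1000 (Low false positive zone See: http://www.sorbs.net/lookup.shtml?$)
"""


def parse_response(text):
    """Return the combiner name, verdict, reason and per-feed opinions."""
    result = {"combiner": None, "verdict": None, "reason": None, "feeds": []}
    for line in text.splitlines():
        line = line.strip()
        m = COMBINER_RE.match(line)
        if m:
            result.update(combiner=m.group(1), verdict=int(m.group(2)),
                          reason=m.group(3))
            continue
        m = FEED_RE.match(line)
        if m:
            result["feeds"].append({"feed": m.group(1), "identity": m.group(2),
                                    "opinion": int(m.group(3)), "note": m.group(4)})
    if result["verdict"] is None:
        raise ValueError("no Combiner line found in response")
    return result


def dissenting_feeds(parsed):
    """Names of feeds whose opinion has the opposite sign to the verdict."""
    verdict = parsed["verdict"]
    return [f["feed"] for f in parsed["feeds"] if f["opinion"] * verdict < 0]


if __name__ == "__main__":
    parsed = parse_response(SAMPLE)
    print(parsed["combiner"], parsed["verdict"], "because", parsed["reason"])
    print("feeds disagreeing with verdict:", dissenting_feeds(parsed))
```

On the quoted 127.0.0.2 response this shows that the verdict of -1000 comes from the combiner rule on abuseat.cbl, even though some feeds in the same response report +1000.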
