On 09/28/2015 09:54 PM, Axb wrote:
On 09/28/2015 09:49 PM, Amir Caspi wrote:
On Sep 28, 2015, at 1:34 PM, Axb <axb.li...@gmail.com> wrote:
you may need to start looking at a local RBL and start blocking IP
ranges
been blocking snowshoe from Baraka Streaming Technologies Inc
38.113.188.0/22 since 2014-06-18 - no complaints - ymmv
Will look into it, but that doesn't really address my questions. It
would take care of this batch of snowshoe but I'm thinking more
generally. Would a "forged" rule be worthwhile, or not recommended
for some reason? (If low-scoring.) And why is HTML_FONT_LOW_CONTRAST
just a placeholder when network tests are enabled?
whois is your friend...
Not sure how whois would have helped me here... the SOA for this IP
range is amanah.com, but that doesn't really tell me much.
Thanks.
you run whois on the IP...
X-ClientAddr: 38.113.189.110
take a look... way down...
whois 38.113.189.110
Found a referral to rwhois.cogentco.com:4321.
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
network:ID:NET4-2671BC0016
network:Network-Name:NET4-2671BC0016
network:IP-Network:38.113.188.0/22
network:Postal-Code:M5H 4E7
network:Country:CA
network:City:Toronto
network:Street-Address:157 Adelaide St W
network:Org-Name:Baraka Streaming Technologies Inc.
network:Tech-Contact:ZC108-ARIN
network:Updated:2015-06-19 18:43:09
then you get hold of fast-rdns.pl from
http://www.spamshield.org/fast-rdns.pl
and use that to check ranges, and if you're lucky find all kinds of nice
muck before "listing"...
enough sauce for today .-)
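
The lookup described in the thread, as an added example that is not part of the original messages: it parses the rwhois `network:` records quoted above, confirms that the X-ClientAddr really falls inside the referred allocation, and only then produces a line for a local list. The function names and the `CIDR  # comment` output format are assumptions made for illustration, not the format of any particular RBL daemon.

```python
import ipaddress

# rwhois referral reply, copied from the message above (38.113.189.110).
RWHOIS_REPLY = """\
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
network:ID:NET4-2671BC0016
network:Network-Name:NET4-2671BC0016
network:IP-Network:38.113.188.0/22
network:Country:CA
network:Org-Name:Baraka Streaming Technologies Inc.
network:Updated:2015-06-19 18:43:09
"""

def parse_rwhois(text):
    """Return {attribute: value} for the 'network' class records."""
    record = {}
    for line in text.splitlines():
        if line.startswith("%") or not line.strip():
            continue  # banner and status lines carry no attributes
        # Split on the first two colons only: values such as the
        # Updated timestamp contain ':' themselves.
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[0] == "network":
            record[parts[1]] = parts[2].strip()
    return record

def covering_network(record, client_addr):
    """Return the allocation if it contains client_addr, else None."""
    try:
        net = ipaddress.ip_network(record["IP-Network"], strict=True)
    except (KeyError, ValueError):
        return None  # no usable IP-Network attribute in the reply
    return net if ipaddress.ip_address(client_addr) in net else None

def local_list_entry(text, client_addr):
    """Build one 'CIDR  # comment' line (assumed format), or None."""
    record = parse_rwhois(text)
    net = covering_network(record, client_addr)
    if net is None:
        return None  # do not list a range the sender is not actually in
    org = record.get("Org-Name", "unknown org")
    return f"{net}  # {org} ({net.num_addresses} addresses)"

if __name__ == "__main__":
    print(local_list_entry(RWHOIS_REPLY, "38.113.189.110"))
```

The address count in the comment shows how much space a single entry covers, which is worth checking against the range scan the message recommends before listing.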