On Mon, Jul 10, 2006 at 07:55:50AM +0000, Andy Smith wrote: > On Mon, Jul 10, 2006 at 10:48:48AM +0300, Juha-Matti Tapio wrote: > > On Mon, Jul 10, 2006 at 02:46:56AM +0000, Andy Smith wrote: > > > Unfortunately SORBS also lists IPs in DUHL if their PTR in DNS has a > > > TTL that SORBS regards as "too high." > > That is incorrect. SORBS does not list IPs for too low TTL. > Er yes, I meant to say "too low" there. As I suspect you meant to > say "too high" or "SORBS lists IPs for too low TTL." :) Actually I was so tired that I did not even notice the high/low typo on your post :) What I actually meant that (at least I have read so) SORBS does not list because of TTL. It is a delisting criteria, and I think the point is to show that the rDNS is not changed just for tricking SORBS. If this is correct, and I do believe it is, SORBS does not require that the TTL be permanently high and dropping the TTL a reasonable time later (for example to prepare for faster name changes) is not alone sufficient reason for relisting (if I am mistaken, someone can propably correct me). If SORBS actually went around searching for IP's with low TTL and listing them for that, I agree that it would propably be a bad idea and cause too many false positives.
Attachment:
signature.asc
Description: Digital signature