127.0.0.*
|
Automatically generated lists have automatic removal
processes. Put simply remove the source of the abuse listing and an
automatic retest will remove the entry. A waiting/parol period is
assigned according to the extent of the abuse. This can be checked using
the IP Query Tool or the
Spammer WHOIS archive used to generate the lists.
|
127.0.1.*
|
Manual or semi-automatic lists have retest and removal request criteria, see below for details.
|
127.0.*.*
(bl.techtheft.info)
|
#
# Combined Zone
# This zone includes all listed IPs in all sub zones
# Excluding the watchlist and whitelist zones
# Also excluding the *.whois.bl.* RHSBL zones.
#
# Some included zones have High collateral damage risk
# Use at your discretion.
# If in doubt use sub zones individually.
#
|
Overview
|
# Active Source values
0.0.1 spam source
0.0.2 service scanning / intrusion
0.0.3 robot attack
0.0.4 virus infection
0.0.9 other
# Supporting services from tests
0.0.10 domain hosting
0.0.11 support (other)
# Informational / Large-Scale or Boycott Blocking
0.0.20 ISP Boycott
0.0.21 expanded listings
0.0.22 bogon net blocks
# Fixed Manual Lists
1.1.127 whitelist
1.1.128 watchlist
# *.2.* RHSBL result
# WHOIS informational
1.2.0 WHOIS UNKNOWN or unchecked
1.2.1 WHOIS GOOD
1.2.2 WHOIS BAD
|
127.1.2.2
(bad.whois.bl.*)
|
#
# Semi-Automatic listing of Domain Names
#
# ADDITIONS: Automatic based on manually verified WHOIS data.
#
# CONTENT: Domains with Inaccurate or Falsified WHOIS records.
#
# REMOVAL: Change to GOOD or UNKNOWN status only.
#
# USE: Informational.
#
|
127.0.0.22
(bogon.bl.*)
|
#
# Semi-Automatic listing of net ranges
#
# ADDITIONS: Automatic ONLY.
# Made via IANA registry input.
# Made from BGP registry data.
# Made from Internet Standard RFC Documents
#
# CONTENT:
#
# IPA reserved by IANA for use off the Internet
# IPA seen on the Internet without RIR allocation
# IPA allocated by RFC documents for purely local use
#
# These IPA should never appear in any Internet traffic.
#
# REMOVAL: Automatic ONLY. Some never.
#
# USE: Block and Firewall on sight.
#
|
127.0.0.5
(conferr.bl.*)
|
#
# Automatic listing of IPA
#
# ADDITIONS: automatic ONLY.
# made via server and firewall logs
#
# CONTENT:
#
# IPs without Reverse-DNS
# IPs with Broken DNS
#
# REMOVAL:
# Automatic - tested at irregular intervals.
# Manual - Re-test can be requested.
#
# USE: Block for clear access.
#
|
127.0.0.10
(domain.bl.*)
|
#
# Semi-Automatic listing of IPA
#
# ADDITIONS: Automatic from trap inputs.
# Spamsites.org current Spam-Support Domains
#
# CONTENT:
#
# IP of machines hosting domains owned by known spammers
# IP of domains included on the spamsites.org list
#
# ADDITIONAL: spamsites.org content
#
# Domains selling software built for spamming
# Domains selling services optimised for spammers
# 'bulletproof hosting' etc.
#
# REMOVAL:
# Automatic only.
# Listing disappears when domain or spammer dies.
#
# USE:
# Block if boycoting spam supporters.
# Some collateral damage on dense hosts.
#
|
127.0.0.21
(expanded.bl.*)
|
#
# Semi-Automatic listing of net ranges
#
# ADDITIONS: Based on automatic data.
#
# CONTENT:
#
# Net ranges with significant automatic listings inside
#
# REMOVAL:
# Automatic ONLY
# Removal of ALL listings inside
# Listing disappears with last subordinate listing
#
# USE: Block on sight. Firewall if possible.
#
|
127.1.2.1
(good.whois.bl.*)
|
#
# Semi-Automatic listing of Domain Names
#
# ADDITIONS: Automatice based on manually verified WHOIS data.
#
# CONTENT: Domains with Accurate WHOIS records.
#
# REMOVAL: Change to BAD or UNKNOWN status only.
#
# USE: Informational Only.
#
|
127.0.0.20
(isp.bl.*)
|
#
# Semi-Automatic listing of net ranges
#
# ADDITIONS: Based on automatic data.
#
# CONTENT:
#
# Net ranges belonging to ISP under internet boycott
#
# REMOVAL:
# Removal of ALL reasons for the boycott
# Listing disappears with boycott conditions
#
# USE: Block on sight. Firewall if possible.
#
|
127.0.0.9
(other.bl.*)
|
#
# Automatic listing of IPA
#
# ADDITIONS: automatic ONLY.
# made via server and firewall logs
#
# CONTENT:
#
# This zone includes IPs generally behaving badly.
# It does NOT include strange behaviour identified as signs
# of robot, virus, or spam activity
#
# IP scanning strange ports for access
# IP sending data in violation of port standard protocol
#
# REMOVAL:
# Automatic - 120 days after last sighting.
# Manual - Quarantine can be reduced to 15 days
# If behaviour continues after request it WILL be re-added.
#
# USE: Tag or Score ONLY.
# High Collateral Damage risk.
#
|
127.0.0.3
(robot.bl.*)
|
#
# Automatic listing of IPA
#
# ADDITIONS: automatic ONLY.
# made via server logs and traps
#
# CONTENT:
#
# IPs of robots disobeying robot restrictions
#
# REMOVAL: Automatic only.
# Listing disappears shortly after last sighting
#
# USE: Block on sight.
#
|
127.0.0.2
(scanning.bl.*)
|
#
# Automatic listing of IPA
#
# ADDITIONS: automatic ONLY.
# made via server and firewall logs
#
# CONTENT:
#
# IPs scanning for relay or proxy access
# machines scanning others for exploited status
# This does NOT include viruses themselves doing the probe.
# That is listed as a viral infection where known.
#
# REMOVAL:
# Automatic - 90 days after last sighting.
# Manual - Quarantine can be reduced to 15 days
#
# USE: Block on sight.
#
|
127.0.0.1
(source.bl.*)
|
#
# Automatic listing of IPA
#
# ADDITIONS: automatic ONLY.
# Made via direct trap inputs
#
# CONTENT:
#
# Sources of Spam
# Sources of Challenge-Response email
# Open Proxies/Relays Sending Spam
# Infected machines sending Spam
# Sources of email with forged details (Spam)
# Any other machine sending email to our Spamtraps
#
# REMOVAL: Automatic only.
# Listing disappears after last sighting
#
# USE: Block on sight.
#
|
127.0.0.11
(support.bl.*)
|
#
# Semi-Automatic listing of IPA
#
# ADDITIONS: Automatic from trap inputs.
# Spamsites.org current Spam-Support Domains
#
# CONTENT:
#
# IP of machines providing MX for spammer domains
# IP of machines providing DNS for spammer domains
# Networks/ISP refusing to remove spam services
# Networks/ISP not responding to problem reports
# (NP: fast removal of the problem is considered a response)
#
# REMOVAL:
# Automatic only.
# Listing disappears when service ceases.
#
# USE:
# Block if boycoting spam supporters.
# Some collateral damage on dense hosting sites.
#
|
127.0.0.4
(virus.bl.*)
|
#
# Automatic listing of IPA
#
# ADDITIONS: Automatic ONLY.
# Made via direct trap inputs
#
# CONTENT:
#
# IP of machines infected with a virus or like malware
# IP of machines scanning with known viral signatures
# IP of any machine spreading viral material
# IP for domains acting as download points for viral content
# IP of any machine sending active viral content
#
# REMOVAL:
# Automatic - 5 days after last sighting
# Manual Request - Quarantine period can be dropped to 24 hours.
#
# USE: Block on sight.
#
|
127.1.1.128
(watchlist.bl.*)
|
#
# Semi-Manual listing of IP addresses
#
# ADDITIONS:
# Public Nominations.
# Reference to domain name in reports
# Reference to IP or netblock in reports
#
# CONTENT:
#
# IP ranges hosting a domain on the watchlist
# IP ranges nominated for abuse
# NP: IPs and domains are being watched as there is no current local evidence
# for the offences claimed by third-parties.
#
# REMOVAL:
# On Request.
# Proof of accusation received will move it to another list.
# Proff of a link to spamming operation will move it to another list.
#
# USE:
# Do Not Block.
# Tagging/Scoring recommended
# HIGH Collateral damage risk.
#
|
127.1.1.127
(whitelist.bl.*)
|
#
# Manual listing of IP addresses
#
# ADDITIONS: RBL Maintainers Privilege.
#
# CONTENT:
#
# IP ranges with operating abuse desks and control measures.
# IP ranges where abuse desk fix problems fast
# IP ranges where Internet standards of operation are used.
#
# REMOVAL:
# RBL Maintainers Privilege.
# Proof of non-compliance of own TOS
# Proof of non-compliance of net standards
# Contradiction of terms under which initial addition was made.
#
# USE: Do not block. Problem Reports will be accepted and acted on.
#
|
127.1.2.0
(whois.bl.*)
|
#
# Combined List of Domain Names with WHOIS status records.
#
# ADDITIONS: Automatic and Manual.
#
# CONTENT:
# Any Domain Name that is brought to our attention
#
# REMOVAL: Listing shift between GOOD, BAD, and UNKNOWN status only
#
# USE: Informational Only.
#
|
