Home / server / Questions / 949369
In Process
Wayne Conrad
Asked: 2019-01-17 07:03:18 +0800 CST

Find an IP that is known to be on a DNSBL

  • 772

I am configuring Zabbix to check my IPs against several DNSBLs. My IPs are currently not blacklisted. My monitoring needs to be tested, to verify that it will alert properly if one of my IPs does become blacklisted. How can I obtain, for testing, a known bad IP, one that is on a DNSBL?

Details

I've searched for published blacklists, but haven't found any. I'm guessing that publishing the lists would aid spammers, or have other bad side-effects.

Zabbix will call a Ruby script. That script will probably just shell out to rblcheck, since the lists it checks seem like a good start:

$ rblcheck 8.8.8.8
8.8.8.8 not listed by sbl.spamhaus.org
8.8.8.8 not listed by xbl.spamhaus.org
8.8.8.8 not listed by pbl.spamhaus.org
8.8.8.8 not listed by bl.spamcop.net
8.8.8.8 not listed by psbl.surriel.com
8.8.8.8 not listed by dul.dnsbl.sorbs.net

The DNSBLs that rblcheck uses is configurable. I can add or remove DNSBLs as needed, either permanently, or for testing.

linux

1 Answers

  1. You could use spamcop statistics to find an IP.

    It give netblock in the /24

    You can see here; https://www.spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt

    From that page after you can click the SB link, and you will have directly some IP

    An example; https://talosintelligence.com/reputation_center/lookup?search=77.120.228.0%2F24

    enter image description here

    • 4