CBL Index
   HOME

TheInfoList



Click Here for Items Related To - CBL Index
OR:
CBL Index on:   [Wikipedia]   [Google]   [Amazon]

The CBL Index is a ratio between the number of IP addresses in a given IP subnet (
Subnetwork A subnet, or subnetwork, is a logical subdivision of an IP network. Updated by RFC 6918. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to the same subnet are addressed with an identic ...
) to the number of CBL (
Composite Blocking List In computer networking, the Composite Blocking List (CBL) is a DNS-based Blackhole List of suspected E-mail spam sending computer infections. Overview The CBL takes its source data from very large spamtraps/mail infrastructures, and only lists I ...
) listings in the subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is. The higher the number is, the "cleaner" the subnet. The CBL index may be represented in
Decibel The decibel (symbol: dB) is a relative unit of measurement equal to one tenth of a bel (B). It expresses the ratio of two values of a Power, root-power, and field quantities, power or root-power quantity on a logarithmic scale. Two signals whos ...
s ( dB) or as
CIDR Classless Inter-Domain Routing (CIDR ) is a method for allocating IP addresses for IP routing. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous classful network addressing architecture on the Internet. Its goal ...
suffix (*/xx). Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.


Rationale

The CBL
DNSBL A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service for operation of mail servers to perform a check via a Domain Name System (DNS) query w ...
(
Composite Blocking List In computer networking, the Composite Blocking List (CBL) is a DNS-based Blackhole List of suspected E-mail spam sending computer infections. Overview The CBL takes its source data from very large spamtraps/mail infrastructures, and only lists I ...
) lists IP addresses that are compromised by a virus or spam sending infection (
computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will ...
,
computer virus A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and Code injection, inserting its own Computer language, code into those programs. If this replication succeeds, the affected areas ...
, or spamware). The CBL's full zone (data) is available publicly via rsync for download. The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation". It should be treated with caution – subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous. The CBL Index may be used for estimation of overall anti-spam performance of ISP or AS operator.


Example

In the CBL zone dated 2007-07-07T21:03+00:00, there were 166,086 IP addresses listed from the 83.0.0.0/11 network. The CBL Index for this net was: 2,097,152 / 166,086 = 12.6 (*/28.3; 11.0 dB) 2,097,152 – number of IP addresses in a /11 network (calculated as 2^(32−11))


Literature

*


External links

*


References

Computer security procedures Spamming {{www-stub