The Full Wiki

More info on CBL Index

CBL Index: Wikis

Advertisements

Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

Encyclopedia

From Wikipedia, the free encyclopedia

The CBL Index is a ratio between the number of IP addresses in a given IP subnet (Subnetwork) to the number of CBL (Composite Blocking List) listings in the subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is.

The higher the number is, the "cleaner" the subnet.

The CBL index may be represented in Decibels (dB) or as CIDR suffix (*/xx).

Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.

Rationale

The CBL DNSBL (Composite Blocking List) lists IP addresses that are compromised by a virus or spam sending infection (computer worm, computer virus, or spamware).

The CBL's full zone (data) is available publicly via rsync for download, you are encouraged to register for it - see http://cbl.abuseat.org for more detail.

The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation".

The CBL Index should be treated with caution - subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous.

The CBL Index may be used for estimation of overall anti-spam performance of ISP or AS operator.

Example

In CBL zone dated 2007-07-07T21:03+00:00 there was 166_086 IP addresses listed from 83.0.0.0/11 network.

The CBL Index for the net was: 2_097_152/166_086 = 12.6 (*/28.3 ; 11.0 dB)

2_097_152 - number of IP addresses in */11 network (2**(32-11))


Advertisements






Got something to say? Make a comment.
Your name
Your email address
Message