Re: [Sqlgrey-users] A smarter smart

[Michel B. <mi...@bo...>]

Le Mardi 15 F=E9vrier 2005 17:18, Lionel Bouton a =E9crit :
> >
> >Here is an example of a series of hostnames/addresses that the origina=
l
> >SQLgrey would take as "Class C" (for they don't have the end of their =
IP
> >address in their hostname), and my patch will consider "dynamic /
> > end-user" machines, and thus use the full IP address :
>
> For comparison : on the same sample how many addresses aren't recognize=
d
> as "dynamic / end-user" by the regexps but are by the smartc algo ?
> What's the total recognized by one of them. This way we'll have an idea
> of the % of improvement.

I don't have total figures and percentages on hand, but I can say that:

1/ All the entries that are recognized by the original smartc algo are al=
so=20
recognized byt the regexps, except for situations where the original algo=
=20
could make mistakes for some mailservers that would have part of their IP=
 in=20
their name, and that the regexp would properly recognize as mailservers=20
(Class C). I've already seen such cases with some mailserver pools that p=
ut=20
the IP of the server as part of its name, such an example would be :

mxpool10-123.231.bigisp.com [10.10.123.231]

Here the original code would mistake, but not the my regexp series (that =
tries=20
to identify mailservers first).


2/ The original code misses real "big players" end-user networks, such as=
 AOL=20
(example: ACB296F3.ipt.aol.com[172.178.150.243]) or cable.rogers.com=20
(example:=20
CPE00055df38a0c-CM00407b87707e.cpe.net.cable.rogers.com[69.197.247.61]), =
or=20
AT&T (example: h00095b733a11.ne.client2.attbi.com[65.96.239.10]), etc, et=
c.

These big players end user networks are *huge* sources of viruses and spa=
m, so=20
if we can improve the code to identify them properly, I guess it is a=20
valuable improvement -- even though I don't have precise figures and no t=
ime=20
to do statistics ;-))

Cheers.

--=20
Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E