Jump to content

CBL Index

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Ost316 (talk | contribs) at 14:02, 2 April 2019 (WP:AWB cleanup). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The CBL Index is a ratio between the number of IP addresses in a given IP subnet (Subnetwork) to the number of CBL (Composite Blocking List) listings in the subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is.[1]

The higher the number is, the "cleaner" the subnet.

The CBL index may be represented in Decibels (dB) or as CIDR suffix (*/xx).

Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.

Rationale

The CBL DNSBL (Composite Blocking List) lists IP addresses that are compromised by a virus or spam sending infection (computer worm, computer virus, or spamware).

The CBL's full zone (data) is available publicly via rsync for download.[2]

The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation". It should be treated with caution - subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous.

The CBL Index may be used for estimation of overall anti-spam performance of ISP or AS operator.

Example

In CBL zone dated 2007-07-07T21:03+00:00 there was 166_086 IP addresses listed from 83.0.0.0/11 network.

The CBL Index for the net was: 2_097_152/166_086 = 12.6 (*/28.3 ; 11.0 dB)

2_097_152 - number of IP addresses in */11 network (2**(32-11))

Literature

  • Giovane César Moura (2013). Internet Bad Neighborhoods. Enschede: Ipskamp Drukkers. p. 25. doi:10.3990/1.9789036534604. ISBN 9036534607.

References