CBL Index

The CBL Index is a ratio between the number of IP addresses in a given IP subnet (Subnetwork) to the number of CBL (Composite Blocking List) listings in the subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is.[1]

The higher the number is, the "cleaner" the subnet.

The CBL index may be represented in Decibels (dB) or as CIDR suffix (*/xx).

Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.

Rationale

The CBL DNSBL (Composite Blocking List) lists IP addresses that are compromised by a virus or spam sending infection (computer worm, computer virus, or spamware).

The CBL's full zone (data) is available publicly via rsync for download.[2]

The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation". It should be treated with caution - subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous.

The CBL Index may be used for estimation of overall anti-spam performance of ISP or AS operator.

Example

In CBL zone dated 2007-07-07T21:03+00:00 there was 166_086 IP addresses listed from 83.0.0.0/11 network.

The CBL Index for the net was: 2_097_152/166_086 = 12.6 (*/28.3 ; 11.0 dB)

2_097_152 - number of IP addresses in */11 network (2**(32-11))

Literature

  • Giovane César Moura (2013). Internet Bad Neighborhoods. Enschede: Ipskamp Drukkers. p. 25. doi:10.3990/1.9789036534604. ISBN 978-9036534604.

References

  1. "What is the CBL?".
  2. "The CBL". cbl.abuseat.org. Archived from the original on 16 July 2007. Retrieved 13 January 2022.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.