New service - the Team Cymru Malware Hash Registry!

Steve Freegard steve.freegard at fsl.com
Tue Oct 28 16:22:35 GMT 2008


Hi Martin,

Martin.Hepworth wrote:
> Running here against latest beta (with freeBSD v.old and exim).
> 
> So far so good - no hits yet so hard to say, but performance could be an issue for people, I've noticed a marked slow down in overall scanning times even with the caching DNS etc
> 

It would seen that it's international bandwidth that is the issue.

I wrote and tested the scanner this morning on one of the FSL test boxes 
which is in Washington DC on a 10Mb Comcast cable line and have yet to 
see a timeout.

However - just tried this on my laptop:

smf at laptop-smf:~$ ./generic_hash_scanner.pl *.pl
CLEAN::File::./clear_queue_orphans.pl
INFO::ERROR::Timed out after 30 seconds (4 remaining sockets waiting 
after 29 checks)

smf at laptop-smf:~$ host -t NS hash.cymru.com
hash.cymru.com name server ns1.hash.cymru.com.
hash.cymru.com name server ns2.hash.cymru.com.

smf at laptop-smf:~$ host ns1.hash.cymru.com
ns1.hash.cymru.com has address 216.90.108.33

smf at laptop-smf:~$ host ns2.hash.cymru.com
ns2.hash.cymru.com has address 216.90.108.34

smf at laptop-smf:~$ host -t TXT 34.108.90.216.asn.routeviews.org
34.108.90.216.asn.routeviews.org descriptive text "23028" "216.90.108.0" 
"24"

smf at laptop-smf:~$ host -t TXT 34.108.90.216.countries.blackholes.us
34.108.90.216.countries.blackholes.us descriptive text "us"

Looks to me like they could do with some extra mirrors particularly in 
Europe as my RTT from Zen Internet in the UK is > 150ms

Cheers,
Steve


More information about the MailScanner mailing list