Ignoring IP Blocks

The GBUdbIgnoreList.txt file does not understand CIDR or wildcards. That's because GBUdb doesn't understand them either - each GBUdb record represents exactly one IP address.

If you want to ignore an entire block of IPs without making a specific entry for each one, an efficient way to do that is to add a drilldown entry using a partial IP pattern for the block of IPs you want to map as infrastructure. For example, if you want to ignore any message sources in the block 12.34.56.0/24, you could create a drilldown entry like the following:

<received ordinal='0' find='[12.34.56.' /> 

The result would be that whenever a server delivers a message from that IP block, the top (ordinal 0) Received header would contain that pattern, and the IP from that Received header would automatically be added to the GBUdb with the Ignore flag.

Note that if the pattern is found in a different Received header nothing special will happen. This way forged Received headers containing the pattern won't have any effect (presuming the header directive is coded properly).
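The following Python helper is an added example, not part of the SNF distribution. It goes beyond the /24 case above and turns any IPv4 block from /8 to /24 into the octet-aligned patterns needed to cover it. The function names are hypothetical, and it assumes find= is a plain substring match and that the source IP appears in the header as "[a.b.c.d]", as the pattern above implies.

```python
import ipaddress

def drilldown_patterns(cidr):
    """Return the find= patterns that cover an IPv4 block with dotted prefixes."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects blocks with host bits set
    if net.version != 4 or not 8 <= net.prefixlen <= 24:
        raise ValueError("only IPv4 blocks from /8 to /24 map onto dotted prefixes")
    # A textual prefix can only end on an octet boundary, so round the prefix
    # length up to 8, 16 or 24 and emit one pattern per aligned sub-block.
    aligned = -(-net.prefixlen // 8) * 8
    octets = aligned // 8
    patterns = []
    for sub in net.subnets(new_prefix=aligned):
        head = str(sub.network_address).split(".")[:octets]
        # The trailing dot matters: '[12.34.5' would also match 12.34.5.x
        # and 12.34.50.x through 12.34.59.x.
        patterns.append("[" + ".".join(head) + ".")
    return patterns

def drilldown_entries(cidr):
    """Format the patterns as drilldown entries in the form shown on this page."""
    return ["<received ordinal='0' find='%s' />" % p for p in drilldown_patterns(cidr)]

def top_header_matches(received_headers, patterns):
    """Model of the rule above (an assumption about matching, not SNF code):
    only the top (ordinal 0) Received header is examined."""
    return bool(received_headers) and any(p in received_headers[0] for p in patterns)

if __name__ == "__main__":
    # 12.34.56.0/22 is not octet-aligned, so it needs four /24 patterns.
    for entry in drilldown_entries("12.34.56.0/22"):
        print(entry)
    # Constructed sample headers: the pattern sits in the second header only,
    # which is the forged-header case, so nothing matches.
    forged = ["from a.example ([203.0.113.9]) by mx.example.org",
              "from b.example ([12.34.56.78]) by a.example"]
    print(top_header_matches(forged, drilldown_patterns("12.34.56.0/24")))
```

Blocks smaller than a /24 cannot be expressed as a dotted prefix, so the helper raises ValueError for them.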
