ietf-asrg

Re: [Asrg] News Article - FTC targeting open relays

2003-05-16 17:24:02
On Fri, May 16, 2003 at 05:09:36PM -0400, Paul Judge wrote:
Hey Steve,

Can you provide a little more information about your observations? For
example, what is the source of this data?

Various sources, ranging from my own (completely unfiltered) mailbox,
spamtrap feeds through to data analysis done for a number of our
clients.

What percentage comes from each source?

Couldn't tell you - that's not data I was (or am) interested in
gathering. This is a rough ranking of the relative proportions of
different sources of spam I've observed, not an exact count.

Over what timeframe was this data observed? 

Recently, say the last three months.

How do you determine if a proxy is on a trojan or installed by the
machine's owner?

There are a number of ways, some of which I won't mention on a public
list. Two of the more obvious ways to spot trojans are proxies
listening on non-standard ports and forensic analysis of the
compromised machines. Trojans and compromised machines are definitely
in the minority - there are easier ways to send spam right now.

Cheers,
  Steve

Thanks

-----Original Message-----
From: Steve Atkins [mailto:steve(_at_)blighty(_dot_)com] 

That's not what I'm seeing. I'd say that there was a lot 
coming from normal legitimate servers - sometimes offshore, 
sometimes in the US - a lot coming via open proxies, a fair 
few through open relays, some being sent through scripted 
freemail webmail, a few coming from compromised machines and 
a few from end-user accounts.