Yakov Shafranovich wrote:
> I read over the transcripts, unfortunately my current bandwidth is way
> too small for the videos. Well, Dr. Hancock's stuff is definitely
> chilling, especially the parts about the new 802.16 wireless standard
> with over 30 mbps going in the radius of 30 miles. Just think of all
> zombies and open relays possible to be set up. A lot of the stuff he said
> seems to support Barry's arguments that viruses, zombies and infected
> computers are a major source of spam.

A lot of what everyone on that panel said supported that, especially
Nick and Michael, and my comment (which should be on the transcript).
Machines that open proxy (whether by naive analogx or wormed spamware)
are responsible for at _least_ 70% of all of our spam.

Some numbers off the spamtrap (numbers are: total over past 7 days,
percentage of entire spamtrap):

BOPM          6611509   35.70
MONKEYPROXY  10091018   54.48
NTauto        1519398    8.20
NTliar       13481631   72.79
OBproxies     2784368   15.03
OSproxy        396490    2.14
OSsocks       8478399   45.78

These are effectiveness rates on our spamtrap against various open proxy
blacklists. DNSBL users will recognize several of these. NT* are ones
we build ourselves. "NTauto" is a combined "open relay and proxy"
blacklist which doesn't generally overlap with others (it won't perform
a test if the IP is blacklisted by anybody else).
"NTliar" is a very specialized blacklist detecting attacks from open
proxies. And in case you're wondering about its reliability, in the
three weeks since NTliar was developed, it hasn't had a _single_ false
positive. Ever.
No, sorry, I cannot reveal how NTliar works without an NDA.
If you use DNSBLs, or even if you don't, there's no excuse not to use a
good open proxy blacklist.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg