B. Johannessen wrote:
On Wed, 2003-12-10 at 23:12, Yakov Shafranovich wrote:
Humor aside, those studies may not be accurate. A while back a report
from MessageLabs claimed that over 80% of all spam was sent from
hijacked computers. When asked directly, MessageLabs admitted that they
were counting open proxies as "hijacked computers". So anytime such
study is made, you have to check the raw data.
For what it's worth, here are some information about the senders of
spam that ended up in my traps Tuesday (midnight to midnight UTC):
Spam seen: 246
Distinct IPs: 231
IPs in dul.dnsbl.sorbs.net: 121
IPs running unfiltered "Microsoft Windows msrpc": 111
IPs running unfiltered "Microsoft Windows UPnP": 86
This in itself proves nothing, but I don't think it would be
unreasonable to assume that a significant portion of the 121
machines listed in dul.dnsbl.sorbs.net have been compromised.
If numbers like these are of any interest, I'll post some more
detailed numbers when I have more data, and some time to do a
more in-depth analysis.
I think that the Analysis subgroup might be very happy to look at this
stuff. I have CCed the coordinator of that subgroup on this message.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"And this too shall come to pass"
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg