On 1-Dec-08, at 9:25 PM, Walter Dnes wrote:
> Botnets have evolved. Instead of trying to send a million emails a
> night through one zombied machine, botnets now send 4 emails a night
> through each of 250,000 machines. The latter is almost impossible to
> detect, versus the former.
Perhaps not at the IDS level, but SpamAssassin and the like are
agnostic to injection rate.
While traffic analysis can help flag suspicious traffic, only content
analysis will know to a degree that's trustworthy for automated
processing. This is why DCC fails -- it can't tell the difference
between a flood of spam and a flood of legitimate mailing list traffic.
--lyndon
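The argument above, as an added example that is not part of the thread: over constructed one-night traffic, a per-host injection-rate threshold misses a 300-host botnet sending four messages each, while a DCC-style bulk count of fuzzy checksums catches it but flags a legitimate list digest just as readily, so a known-list exemption (and ultimately content analysis) is still needed. The simplified checksum, host addresses and sender names are assumptions.

```python
import hashlib
import re
from collections import Counter, defaultdict

def build_sample():
    """Constructed one-night traffic (not real data): (sending_host, sender, body)."""
    records = []
    # Low-rate botnet: 300 hosts, 4 messages each, one template with small variations.
    for h in range(300):
        for i in range(4):
            body = f"Buy now! Offer #{h * 4 + i} ends tonight"
            records.append((f"10.1.{h // 256}.{h % 256}", f"user{h}@example.net", body))
    # Legitimate list: one server relays the same digest to 1200 subscribers.
    for _ in range(1200):
        records.append(("192.0.2.10", "list-bounces@example.org", "Digest for list, vol 7"))
    # Ordinary host sending three distinct messages.
    for body in ("lunch?", "meeting moved to 3", "see attached report"):
        records.append(("192.0.2.20", "alice@example.com", body))
    return records

def fuzzy_checksum(body):
    """Simplified stand-in for a DCC fuzzy checksum (assumption): case, digits and
    punctuation are dropped so small per-message variations collapse together."""
    normalized = re.sub(r"[^a-z ]", "", body.lower())
    return hashlib.sha256(normalized.encode()).hexdigest()[:16]

def rate_flags(records, per_host_limit):
    """Traffic analysis: hosts that injected more than per_host_limit messages."""
    counts = Counter(host for host, _, _ in records)
    return {host for host, n in counts.items() if n > per_host_limit}

def bulk_checksums(records, bulk_limit):
    """Bulk detection: checksum -> senders, for checksums seen more than
    bulk_limit times regardless of which host injected each copy."""
    copies, senders = Counter(), defaultdict(set)
    for _, sender, body in records:
        cs = fuzzy_checksum(body)
        copies[cs] += 1
        senders[cs].add(sender)
    return {cs: senders[cs] for cs, n in copies.items() if n > bulk_limit}

def spam_candidates(records, bulk_limit, known_lists):
    """Bulk checksums not fully explained by a known mailing-list sender."""
    return {cs for cs, s in bulk_checksums(records, bulk_limit).items()
            if not s <= known_lists}

if __name__ == "__main__":
    recs = build_sample()
    print("rate-flagged hosts:", rate_flags(recs, 100))          # only the list server
    print("bulk checksums:", len(bulk_checksums(recs, 100)))     # spam and the digest
    print("after list exemption:", len(spam_candidates(recs, 100, {"list-bounces@example.org"})))
```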
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg