ietf-asrg

Re: [Asrg] Solving spam == Solving zombies/botnets

2008-12-02 01:15:35
On 1-Dec-08, at 9:25 PM, Walter Dnes wrote:

 Botnets have evolved.  Instead of trying to send a million emails a
night through one zombied machine, botnets now send 4 emails a night
through each of 250,000 machines.  The latter is almost impossible to
detect, versus the former.

Perhaps not at the IDS level, but SpamAssassin and the like are agnostic to injection rate.

While traffic analysis can help flag suspicious traffic, only content analysis will know to a degree that's trustworthy for automated processing. This is why DCC fails -- it can't tell the difference between a flood of spam and a flood of legitimate mailing list traffic.

--lyndon
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg