[Asrg] Solving spam == Solving zombies/botnets
Lyndon Nerenberg
lyndon at orthanc.ca
Mon Dec 1 22:15:17 PST 2008
On 1-Dec-08, at 9:25 PM, Walter Dnes wrote:

> Botnets have evolved. Instead of trying to send a million emails a
> night through one zombied machine, botnets now send 4 emails a night
> through each of 250,000 machines. The latter is almost impossible to
> detect, versus the former.

Perhaps not at the IDS level, but SpamAssassin and the like are
agnostic to injection rate.

While traffic analysis can help flag suspicious traffic, only content
analysis will know to a degree that's trustworthy for automated
processing. This is why DCC fails -- it can't tell the difference
between a flood of spam and a flood of legitimate mailing list traffic.

--lyndon