Re: [Full-Disclosure] Spam sent via spambots?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Spam sent via spambots?
- From: James Riden <j.riden@xxxxxxxxxxxx>
- Date: Mon, 01 Nov 2004 14:38:01 +1300

Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx> writes:
> J.A. Terranson wrote:
>
> <<snip>>
>> > And further, does anyone have any idea how to pick apart how much of
>> > that is simply relaying type activity vs. dedicated spam-bot activity?
>>
>> Does it matter?
>
> Yes, as many of the former are simply due to (legitimate user)
> misconfiguration and do not provide any form of backdooring to the
> system, whereas the spammers are much more actively involved in
> "managing" the latter and can actively update/replace/supplement the
> code running on them. Thus the latter are much more likely able to
> avoid (or perhaps "survive") "fixing".

Very little spam seems to come from traditional open mail relays these
days. A lot of the stuff I look at has come direct from the spammer
themselves, or from dynamic space, or university resnets.

I can't give accurate statistics though, because we're rejecting mail
at our MXs using sbl-xbl.spamhaus.org, which is specifically designed
to stop this kind of thing in the first place. (Last time I checked,
XBL was a composite of CBL, http://cbl.abuseat.org/ and OPM, an open
proxy list - see http://www.spamhaus.org/xbl )

cheers,
Jamie
--
James Riden / j.riden@xxxxxxxxxxxx / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html