
Re: [Asrg] In case anyone thought Barry was exaggerating



On Mon, Jun 30, 2003 at 05:18:12PM -0400, Barry Shein wrote:
> Ok ok, fair enough, but there is something so low-intensity about
> zombie spambots that it seems to have gone on for months with people
> only noticing the result. That makes it different.

Agreed ;-)

However I notice in my logs (emails to non-existent users) that there
are patterns, where spammers concentrate on one account. I see within
a 30 second timeframe connections from about 10-50 different hosts where
they try to double inject messages to one user.
I have also seen similar behaviour with kinda dictionary spams where
they always have 5-10 hosts in parallel work on a subset of usernames
e.g.    aa*@domain to ae*@domain
	af*@domain to al*@domain
	[ ... ]
and a total of some 100 hosts per day. If the spammer didn't "fine tune"
the process and there are 40-50 hosts in parallel it qualifies for a DDoS,
IMHO.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
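
The first pattern described in the message above (many different hosts delivering to one non-existent recipient within about 30 seconds) can be looked for in reject logs with a sliding window per recipient. This is an added example, not part of the original post; the event tuple layout, the function names, the default thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30  # "within a 30 second timeframe"
MIN_HOSTS = 10       # lower end of "about 10-50 different hosts"

def find_bursts(events, window=WINDOW_SECONDS, min_hosts=MIN_HOSTS):
    """events: (unix_ts, client_ip, rcpt) tuples for rejected recipients.
    Returns one dict per burst: rcpt, start, end, peak distinct hosts."""
    recent = defaultdict(deque)  # rcpt -> (ts, ip) pairs still inside the window
    active = {}                  # rcpt -> burst currently being extended
    bursts = []
    for ts, ip, rcpt in sorted(events):
        rcpt = rcpt.lower()
        q = recent[rcpt]
        q.append((ts, ip))
        while ts - q[0][0] > window:   # drop rejects older than the window
            q.popleft()
        hosts = {h for _, h in q}      # distinct sources, not reject count
        if len(hosts) >= min_hosts:
            b = active.get(rcpt)
            if b is None:
                b = active[rcpt] = {"rcpt": rcpt, "start": q[0][0],
                                    "end": ts, "peak_hosts": 0}
                bursts.append(b)
            b["end"] = ts
            b["peak_hosts"] = max(b["peak_hosts"], len(hosts))
        else:
            active.pop(rcpt, None)     # burst over; a later one is reported anew
    return bursts

def sample_events():
    """Constructed sample data (documentation IP ranges, example.com)."""
    t0 = 1056999600
    ev = []
    # 12 different hosts, one unknown user, 2 seconds apart: a burst
    ev += [(t0 + 2 * i, f"192.0.2.{i + 1}", "nouser@example.com") for i in range(12)]
    # one host retrying 15 times: many rejects, a single source, no burst
    ev += [(t0 + i, "198.51.100.7", "ghost@example.com") for i in range(15)]
    # 12 hosts spread over 11 minutes: distinct sources, but outside the window
    ev += [(t0 + 60 * i, f"203.0.113.{i + 1}", "slow@example.com") for i in range(12)]
    return ev

if __name__ == "__main__":
    for burst in find_bursts(sample_events()):
        print(burst)
```

Counting distinct source hosts rather than rejects is what separates this pattern from a single misconfigured sender retrying the same address.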