On 1-Dec-08, at 9:25 PM, Walter Dnes wrote:
> Botnets have evolved. Instead of trying to send a million emails a night through one zombied machine, botnets now send 4 emails a night through each of 250,000 machines. The latter is almost impossible to detect, versus the former.
Perhaps not at the IDS level, but SpamAssassin and the like are agnostic to injection rate.
While traffic analysis can help flag suspicious traffic, only content analysis will know to a degree that's trustworthy for automated processing. This is why DCC fails -- it can't tell the difference between a flood of spam and a flood of legitimate mailing list traffic.
--lyndon

_______________________________________________
Asrg mailing list
Asrg at irtf.org
https://www.irtf.org/mailman/listinfo/asrg
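As an added illustration, not code from this thread or from any ASRG tool, here is a toy Python model of the two detectors being contrasted above: a per-sender injection-rate check and a DCC-style bulk checksum count, run over constructed traffic scaled down from the figures quoted. The rate check misses the low-rate bots, while the bulk count catches them but flags the legitimate mailing list just as readily, which is the gap content analysis is meant to close.

```python
import hashlib
from collections import Counter

# Constructed, scaled-down traffic (sender, body): one classic flooding zombie,
# 25 low-rate bots sending 4 copies each, and a legitimate mailing-list server
# delivering one post to 40 subscribers. Hostnames are placeholders.
SAMPLE = (
    [("zombie-a.example", "Buy pills now")] * 100
    + [(f"bot-{i}.example", "Cheap watches, click here")
       for i in range(25) for _ in range(4)]
    + [("lists.example", "[asrg] Re: Botnets have evolved")] * 40
)


def fuzzy_checksum(body):
    """DCC-style body checksum: normalise whitespace and case, then hash."""
    norm = " ".join(body.lower().split())
    return hashlib.sha256(norm.encode()).hexdigest()[:16]


def rate_alerts(messages, per_sender_limit):
    """Injection-rate detector: flag senders exceeding the per-sender limit."""
    counts = Counter(src for src, _ in messages)
    return {src for src, n in counts.items() if n > per_sender_limit}


def bulk_alerts(messages, bulk_threshold):
    """DCC-like bulk detector: flag any body seen more than the threshold
    number of times, regardless of how many sources it came from."""
    counts = Counter(fuzzy_checksum(body) for _, body in messages)
    return {h for h, n in counts.items() if n > bulk_threshold}


def evaluate(messages=SAMPLE, per_sender_limit=10, bulk_threshold=20):
    """Run both detectors and return what each one flags."""
    return {
        "rate": rate_alerts(messages, per_sender_limit),
        "bulk": bulk_alerts(messages, bulk_threshold),
    }


if __name__ == "__main__":
    result = evaluate()
    print("rate detector flags senders:", sorted(result["rate"]))
    print("bulk detector flags bodies:", sorted(result["bulk"]))
```

Note that the rate check also trips on the list server, since it too exceeds the per-sender limit; neither detector alone separates bulk legitimate mail from bulk spam.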