Re: RBL for bots?

[Valdis.Kletnieks () vt edu]

On Thu, 15 Feb 2007 19:02:12 CST, Gadi Evron said:
> Many of them are SMTP-based only. IP reputation is very limited still.
>
> Now, all that said, back on "most are broadband users" - no longer
> true. Many bots (especially in spam) are now web servers.

I'm willing to bet that most are *still* broadband users.  Quite likely,
even if 100% (yes, *every single last one*) of the "web servers" out there
were botted, that would likely still be less systems than if only 5% of end-user
systems were botted.  Just a little while back, Vint Cerf guesstimated that
there's 140 million botted end user boxes.  Unless 100% of Google's servers
are botted, there's no way there's that many botted servers. :)

And the fact that web servers are getting botted is just the cycle of
reincarnation - it wasn't that long ago that .edu's had a reputation of
getting pwned for the exact same reasons that webservers are targets now:
easy to attack, and usually lots of bang-for-buck in pipe size and similar.

Attachment: _bin
Description: