Full Disclosure mailing list archives
Re: the world of botnets article and wrong numbers
From: "Toby McKay" <mcktoby () gmail com>
Date: Thu, 14 Sep 2006 16:57:45 +0300
On 9/14/06, 3APA3A <3APA3A () security nnov ru> wrote:
Dear Toby McKay, Number of 12000 is absolutely impossible. Actual number is much higher.
i agree its impossible! but on samples (actual bot samples)! ip addresses are a different ridiculous number gadi mentions. he said in the article there is 3.5 MILLIONS unique ip addresses used every day in spam.... where does he come with these ridiculous numbers? he says 'spam alone'... saying there is much more ip for botnets not in spam. Let's look on daily statistics for messages rejected as SPAM on my mail
system. Month statistics requires to much information to be processed, sorry. On August, 13 150419 messages from 24244 unique IPs On September, 12 160054 messages from 32882 unique IPs On September, 13 175573 messages from 35834 unique IPs New hosts between August, 13 and September, 13: 34952 (97%) New hosts between September, 12 and September, 13: 27988 (78%) In suggestion average lifetime of spamming IP is higher than 1 day, we can approximate number of spamming IPs on the whole net during one day as 150000 with 40% rotation within 1 week. That is 240000 new IPs every month. The problem is, most of these IPs are dynamic. So, we have to divide this number on average number of IPs infected host had during infection period. It's impossible to discover this number. My expert's mark is 3-5. That is, we have 50000-80000 new spamming bots every month with average life of 2 weeks. Looks reasonable, but again it's taken from nowhere. And we only counted bots used for spamming :) --Thursday, September 14, 2006, 3:05:42 PM, you wrote to full-disclosure () lists grok org uk: TM> hi guys TM> i ask gadi on the botnets listserv on where he got the number 12K for bots TM> every month on his the world of botnets article [ TM> http://www.beyondsecurity.com/whitepapers/SolomonEvronSept06.pdf] .. he gave TM> no real answer. TM> does that number sound right to anybody? where did you come up with it gadi? TM> ./mcktoby -- ~/ZARAZA You know my name - look up my number (Beatles)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- the world of botnets article and wrong numbers Toby McKay (Sep 14)
- Re: the world of botnets article and wrong numbers 3APA3A (Sep 14)
- Re: the world of botnets article and wrong numbers Toby McKay (Sep 14)
- <Possible follow-ups>
- Re: the world of botnets article and wrong numbers Gadi Evron (Sep 14)
- Re: the world of botnets article and wrong numbers Toby McKay (Sep 14)
- Re: the world of botnets article and wrong numbers Dave "No, not that one" Korn (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Gadi Evron (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Dude VanWinkle (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Gadi Evron (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Peter Dawson (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Richard Golodner (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Dude VanWinkle (Sep 14)
- Re: [botnets] the world of botnets article and wrong numbers Georgi Guninski (Sep 15)
- Re: the world of botnets article and wrong numbers 3APA3A (Sep 14)