Honeypots mailing list archives
Re: Scans are way up, attacks are down??
From: Chris Paul <chris.paul () rexconsulting net>
Date: Thu, 28 Aug 2003 11:50:19 -0700
Need more info from you: Which RBL? Who's putting the X-RBL-Warning? (Sendmail or Exim)? You see, I don't use these RBLs directly. I use a hybrid of SA (which calls RBL's and other sources for scoring) in combination with grey-listing. Very effective. Anyhow, to answer your one question re home-spammers, yes there is specifically one RBL (the DUN) and that is precisely "Dial-Up Networking" users, or as I called them, "home spammers", reasoning these are jerks who bought some software that they use from home to spam from their dial-up ISP accounts. Of course, back to my original point, to correct myself a little, it really isn't known if home users got hit more or less than corporate/large organization. Because non-home networks as we all know got hit bad by this recent rash of various worms well indeed. CP On Thu, 28 Aug 2003 10:58:12 +0100 "lsi" <stuart () cyberdelix net> wrote:
Hi Chris, A msg is counted as spam if it contains a line which starts with X-RBL-Warning: ...which is of course the headerline inserted by the RBL anti-spam network. Home-based spammers aren't likely to be on the RBL, are they? Stuart On 27 Aug 2003 at 9:52, Chris Paul wrote: Date sent: Wed, 27 Aug 2003 09:52:44 -0700 From: Chris Paul <chris.paul () rexconsulting net> To: stuart () cyberdelix net Copies to: honeypots () securityfocus com Subject: Re: Scans are way up, attacks are down??On Wed, 27 Aug 2003 09:45:42 +0100 "lsi" <stuart () cyberdelix net> wrote:John, What I noticed is that as the SoBig virus went up, the number of spams I received went down. See chart here: http://cyberdelix.net/media/spamtrak.gif The lowest dip is August 15, 3 days before Sobig. Does this mean BOFH's stop spamming because they are configuring their viruses???Perhaps some of the home-spammers got hit with the virus. Easily could explain part of it. Depends on what you mean by spam. CP -- Chris Paul Rex Consulting - Messaging and Security Solutions +1 831.338.7712 Key fingerprint = 588A 289C ADE2 08F9 050B D2A0 DDA4 331D C61B DFD1-- Stuart Udall stuart () cyberdelix net - http://www.cyberdelix.net/ ..revolution through evolution want to make some cash? check out http://cyberdelix.net/affiliates.htm
-- CP -- Chris Paul Rex Consulting - Messaging and Security Solutions +1 831.338.7712 Key fingerprint = 588A 289C ADE2 08F9 050B D2A0 DDA4 331D C61B DFD1
Current thread:
- Scans are way up, attacks are down?? John C. Silvia (Aug 26)
- Re: Scans are way up, attacks are down?? lsi (Aug 27)
- Re: Scans are way up, attacks are down?? Chris Paul (Aug 27)
- Re: Scans are way up, attacks are down?? lsi (Aug 28)
- Re: Scans are way up, attacks are down?? Chris Paul (Aug 28)
- Re: Scans are way up, attacks are down?? Chris Paul (Aug 27)
- Re: Scans are way up, attacks are down?? lsi (Aug 27)