Benny Pedersen wrote:
On Wed, May 20, 2009 11:25, Mike Cardwell wrote:
A cool idea would be an application in a similar vain to p0f, but which
passively detected the SMTP client software, rather than operating
system. It might then be possible to distribute signatures that
identified specific zombie software, as well as real mtas.
if you find p0f signatures for this then it there, i am far behind there
also :/
anyone know where to update ?
I'm not sure how the signatures work but suppose one collected a list of
IP signature pairs and then compared that against black/white lists to
see if signatures are matching spam or ham. If a signature matches a lot
of blacklisted IPs and no whitelisted IPs for example then maybe
anything with that signature could be scored as spam?
