jdow wrote:
From: "DAve" <[EMAIL PROTECTED]>
Loren Wilton wrote:
It was mentioned that several people are getting hammered by
world-wide robot attacks. I see from the little spam I get that
there is a new spam sending tool for robots that is running a stock
spam. I suspect the traffic is a combination of distributing the new
spam tool and sending out the new spam.

With all this traffic from robots, lots of people here must be
getting quite a lot of information in their logs about connections
from robots. I wonder if there would be value in a central database
that attempts to enumerate the robots?

Most of them are probably on dynamic ip. But if the sending IP and
attempted connect time could be logged at many sites and combined,
there would be fairly conclusive evidence that a given IP had been
sending spam at a particular time. Perhaps that could be submitted
to at least some of the more responsible service providers, and they
could do something to track it back to a customer and send them an
email that their machine is infected. (Or possibly be even more
proactive, I suppose.)

The database might also be usable in front door spam blocking. Most
people probably shouldn't be accepting direct connections from
dynamic ips on someone else's network, especially if that ip has a
recent history of sending spam (say in the last 6 hours or so). It
might be possible to make a server that could provide yes/no answers
on whether the IP has sent spam in the last minute/hour/6 hours/day
or so.

I'd think that such a database could be built almost automatically.
For instance, if you log the IPs of connection attempts that you
reject for various problems, you could just harvest those IPs once an
hour or so to some central site, no human judgement calls required.
If the mail is accepted and gets a high SA score, and you can still
determine the sending IP, then that might be automatically harvested
also.

Thoughts? Does something like this have any value?

Loren

Something like http://dhsield.org, but limited to email instead of all
ports?

Don't know. (Not going to click on THAT link. It looks like it might
lead to a typo squatter potentially with malware. {^_-}) But I suspect
the answer is yes.
{^_^}

Hmmm, dsheild, dhsield, dshield, six of one half dozen of the other ;^)
DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
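
A sketch of the yes/no lookup service Loren describes, added here as an example and not code from anyone in the thread. The `SightingStore` class, the `min_sites` corroboration threshold, the site names and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Look-back windows named in the proposal, in seconds.
WINDOWS = {"minute": 60, "hour": 3600, "6 hours": 6 * 3600, "day": 86400}
MAX_AGE = max(WINDOWS.values())


class SightingStore:
    """Central store of (site, ip, time) reports for rejected or high-scoring mail."""

    def __init__(self, min_sites=2):
        # min_sites is an assumption: require independent reporters so that
        # one misconfigured or malicious submitter cannot list an address.
        self.min_sites = min_sites
        self._seen = defaultdict(list)  # ip -> [(unix_time, site_id), ...]

    def report(self, site_id, ip, when):
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on junk input
        self._seen[ip].append((when, site_id))

    def prune(self, now):
        """Drop sightings older than the longest window (dynamic IPs get reassigned)."""
        for ip in list(self._seen):
            fresh = [(t, s) for t, s in self._seen[ip] if now - t <= MAX_AGE]
            if fresh:
                self._seen[ip] = fresh
            else:
                del self._seen[ip]

    def query(self, ip, now):
        """Return {window name: True/False}, True if enough sites saw the IP in it."""
        ip = str(ipaddress.ip_address(ip))
        answer = {}
        for name, span in WINDOWS.items():
            sites = {s for t, s in self._seen.get(ip, ()) if 0 <= now - t <= span}
            answer[name] = len(sites) >= self.min_sites
        return answer


# Constructed sample data: documentation-range addresses, made-up site names.
NOW = 1_000_000
store = SightingStore()
store.report("site-a", "192.0.2.10", NOW - 30)
store.report("site-b", "192.0.2.10", NOW - 1800)
store.report("site-a", "198.51.100.7", NOW - 100)       # only one reporter
store.report("site-a", "203.0.113.5", NOW - 2 * 86400)  # older than a day
store.report("site-b", "203.0.113.5", NOW - 2 * 86400)
```

The corroboration threshold matters because automatic harvesting with no human review means any single submitter could otherwise get an arbitrary address blocked everywhere.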