North American Network Operators Group

Re: Anti-Spam Router -- opinions?

  • From: Valdis.Kletnieks
  • Date: Tue Apr 06 12:40:23 2004

On Tue, 06 Apr 2004 11:02:33 EDT, Joe Abley said:

> How do you distinguish between a home user sending twenty legitimate, 
> real messages per day, and a home user whose PC has been 0wned, and 
> which is sending twenty illegitimate messages per day?

Back of the envelope handwaving calculation (we're not worrying about
exact numbers, merely having somewhere near the right number of zeros):

Media reported that Hotmail was rejecting 2 billion pieces of mail a day (and
that's not including AOL, Yahoo, and every single smaller ISP - our site alone
is seeing several million a day).  Let's say it adds up to 10 billion across the
board.

Let's assume that 75% of spam is sent via hijacked zombie machines.  This
would mean that to get 7.5 billion spams/day at 20 msgs/day/zombie,
you'd need several hundred million compromised machines.  And even though
the average machine is woefully insecure, there's not THAT many zombies.

On the other hand, 20K msgs/day/zombie is only about 1 every 4 seconds,
not enough to make the average cablemodem user notice - and reduces the
number of zombies down to several million - a much more plausible number.

If you rate-limit 2 million compromised machines to 20 msgs/day each,
there's only 400 million spams.  Total.
