RBL for bots?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Feb 16 03:41:10 UTC 2007


On Thu, 15 Feb 2007 19:02:12 CST, Gadi Evron said:
> Many of them are SMTP-based only. IP reputation is very limited still.
> 
> Now, all that said, back on "most are broadband users" - no longer
> true. Many bots (especially in spam) are now web servers.

I'm willing to bet that most are *still* broadband users.  Quite likely,
even if 100% (yes, *every single last one*) of the "web servers" out there
were botted, that would likely still be fewer systems than if only 5% of end-user
systems were botted.  Just a little while back, Vint Cerf guesstimated that
there's 140 million botted end user boxes.  Unless 100% of Google's servers
are botted, there's no way there's that many botted servers. :)

And the fact that web servers are getting botted is just the cycle of
reincarnation - it wasn't that long ago that .edu's had a reputation of
getting pwned for the exact same reasons that webservers are targets now:
easy to attack, and usually lots of bang-for-buck in pipe size and similar.



More information about the NANOG mailing list