[anti-abuse-wg] passive botnet tracker
- Previous message (by thread): [anti-abuse-wg] how to detect spambots - SPAMTrusted
- Next message (by thread): [anti-abuse-wg] passive botnet tracker
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Florian Weimer
fweimer at bfk.de
Wed Mar 4 10:20:06 CET 2009
* Alexander K. Seewald: > The gist: Based on a darknet (i.e. unused IP addresses), we analyze > incoming packets and classify them into (currently eight) different > spambot types based on learned idiosyncrasies of packet and > protocol, and reference data (currently by Marshall). Why do you expect bots to touch dark address space? Or put differently, I think any approach based on darkspace monitoring signficantly restricts the types of bots you can detect. -- Florian Weimer <fweimer at bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
- Previous message (by thread): [anti-abuse-wg] how to detect spambots - SPAMTrusted
- Next message (by thread): [anti-abuse-wg] passive botnet tracker
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]