lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 14 Sep 2006 16:57:45 +0300
From: "Toby McKay" <mcktoby@...il.com>
To: 3APA3A <3APA3A@...urity.nnov.ru>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: the world of botnets article and wrong numbers

On 9/14/06, 3APA3A <3APA3A@...urity.nnov.ru> wrote:
>
> Dear Toby McKay,
>
> Number of 12000 is absolutely impossible. Actual number is much higher.


i agree its impossible! but on samples (actual bot samples)!

ip addresses are a different ridiculous number gadi mentions. he said in the
article there is 3.5 MILLIONS unique ip addresses used every day in spam....
where does he come with these  ridiculous numbers?

he says 'spam alone'... saying there is much more ip for botnets not in
spam.

Let's  look on daily statistics for messages rejected as SPAM on my mail
> system.  Month  statistics requires to much information to be processed,
> sorry.
>
> On August, 13     150419 messages from 24244 unique IPs
> On September, 12  160054 messages from 32882 unique  IPs
> On September, 13  175573 messages from 35834 unique  IPs
>
> New hosts between August, 13 and September, 13: 34952 (97%)
> New hosts between September, 12 and September, 13: 27988 (78%)
>
> In  suggestion  average lifetime of spamming IP is higher than 1 day, we
> can  approximate  number of spamming IPs on the whole net during one day
> as  150000 with 40% rotation within 1 week. That is 240000 new IPs every
> month.  The  problem  is,  most of these IPs are dynamic. So, we have to
> divide  this  number  on  average number of IPs infected host had during
> infection  period.  It's impossible to discover this number. My expert's
> mark  is 3-5. That is, we have 50000-80000 new spamming bots every month
> with  average  life  of  2 weeks. Looks reasonable, but again it's taken
> from nowhere. And we only counted bots used for spamming :)
>
> --Thursday, September 14, 2006, 3:05:42 PM, you wrote to
> full-disclosure@...ts.grok.org.uk:
>
> TM> hi guys
> TM> i ask gadi on the botnets listserv on where he got the number 12K for
> bots
> TM> every month on his the world of botnets article [
> TM> http://www.beyondsecurity.com/whitepapers/SolomonEvronSept06.pdf] ..
> he gave
> TM> no real answer.
> TM> does that number sound right to anybody? where did you come up with it
> gadi?
>
> TM> ./mcktoby
>
>
> --
> ~/ZARAZA
> You know my name - look up my number (Beatles)
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ