Hi Everyone,

Can SNF be used with Alt-N's Security Gateway product?

http://www.altn.com/Products/SecurityGateway-Email-Firewall/

I know the plug-in works great with MDaemon itself, but I might be switching to Exchange and want to use this product with it.

Thanks,
Daniel

--
Daniel Bayerdorffer, VP [EMAIL PROTECTED]
Numberall Stamp & Tool Co., Inc. www.numberall.com
PO Box 187, Sangerville, ME 04479 USA
TEL: 207-876-3541 FAX: 207-876-3566

-----Original Message-----
From: "Peer-to-Peer (Support)" <[EMAIL PROTECTED]>
To: Message Sniffer Community <sniffer@sortmonster.com>
Date: Thu, 28 Aug 2008 09:19:29 -0400
Subject: [sniffer] Re: Stampede - amazing!

> Not the same as you're describing below, but I can confirm we were slammed
> with NDRs last night. Classic joe-job (i.e. millions of messages sent out
> to unknown users using your return address).
>
> --Paul
>
>
> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED]
> Behalf Of Pete McNeil
> Sent: Thursday, August 28, 2008 5:13 AM
> To: Message Sniffer Community
> Subject: [sniffer] Stampede - amazing!
>
>
> Hello Sniffer Folks,
>
> I had been wondering why the blackhats had been pushing so hard for
> new bots these last few weeks.
>
> Then the other day I saw something very strange in the SNF telemetry.
> A storm came in that seemed to stop all other traffic. For more than
> an hour I really thought something was broken -- but I wasn't sure I'd
> really seen it.
>
> Just a short time ago our SortMonster on duty (Mitchell "Skull")
> called all-hands for a new spam storm. This was another of the new
> penis spams.
>
> We coded the rules quickly and as they went out I saw it again:
>
> T rates fell to zero on many systems and close to that on all of the
> others. This means that virtually all of the IPs were brand-new. At
> the same time traffic spiked on all systems and capture rates went
> off-scale high as the new rules tagged virtually every message.
>
> This is not an entirely new tactic by the blackhats-- I've talked
> about it before. It is essentially a high-amplitude burst - where a
> new campaign is pre-tested against all known filters and then launched
> on a large number of new bots that are unknown to IP reputation
> systems.
>
> What is new is the purity of these recent events. When we've seen them
> before they were mixed in with a lot of other traffic from other bot
> nets and even other campaigns from the same bot net. While there was
> still a trickle of this activity, the purity of this burst was
> astounding.
>
> This was a stampede where essentially all visible bots started running
> in a single new direction.
>
> T rates have recovered now by and large -- so the new bots are already
> largely recognized by GBUdb, but the wild swing in telemetry across
> the network was amazing to watch -- as is the new telemetry showing
> dramatically increased traffic and capture rates indicating a nearly
> pure stream of spam from this new "herd".
>
> Theories, comments, and observations welcome.
>
> Thanks,
>
> _M
>
> --
> Pete McNeil
> Chief Scientist,
> Arm Research Labs, LLC.
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <sniffer@sortmonster.com>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>