--On Thursday, April 20, 2006 21:12 -0500 Les Mikesell <[EMAIL PROTECTED]> wrote:
> The logs show that it is hit by dictionary attacks fairly often with the interesting part being that the messages are being sent by many different machines at the same time but rate limited somehow so there are never more than a few simultaneous connections.

I see this too. Not only nicely rate limited but in alphabetical order very often. This just shows how the bot nets work by having a controller send each zombie just a few addresses, one zombie at a time. The addresses and binary might be only in memory on the zombie and be cleared as soon as the work is done, which is often less than a minute. The only thing left on the zombie is whatever allows the controller access to it. It's all designed to have minimal impact per "owned" PC.

Joe Brennan
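
The pattern described in this thread (many hosts, a few recipients each, often in alphabetical order) stays under any per-IP threshold, so detection has to correlate rejections across source addresses. The Python below is an added example, not part of the original messages and not MIMEDefang code; the log format, sample lines, function names and thresholds are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed log format and sample lines (assumptions, not real sendmail or MIMEDefang output).
LINE_RE = re.compile(r"^(\S+) reject ip=(\S+) rcpt=(\S+) reason=user_unknown$")
SAMPLE_LOG = """\
2006-04-20T21:00:01 reject ip=192.0.2.10 rcpt=aaron@example.com reason=user_unknown
2006-04-20T21:00:06 reject ip=192.0.2.10 rcpt=abby@example.com reason=user_unknown
2006-04-20T21:00:11 reject ip=198.51.100.20 rcpt=adam@example.com reason=user_unknown
2006-04-20T21:00:16 reject ip=198.51.100.20 rcpt=alan@example.com reason=user_unknown
2006-04-20T21:00:21 reject ip=203.0.113.30 rcpt=albert@example.com reason=user_unknown
2006-04-20T21:00:26 reject ip=203.0.113.30 rcpt=alice@example.com reason=user_unknown
2006-04-20T21:00:31 reject ip=192.0.2.40 rcpt=amy@example.com reason=user_unknown
2006-04-20T21:00:36 reject ip=192.0.2.40 rcpt=andy@example.com reason=user_unknown
2006-04-20T21:10:00 reject ip=198.51.100.7 rcpt=zed@example.com reason=user_unknown
2006-04-20T21:10:05 reject ip=198.51.100.7 rcpt=bob@example.com reason=user_unknown
"""

def parse(lines):
    # Keep only unknown-recipient rejections, as (time, ip, recipient), in time order.
    matches = (LINE_RE.match(line.strip()) for line in lines)
    return sorted((datetime.fromisoformat(m[1]), m[2], m[3].lower()) for m in matches if m)

def bursts(events, max_gap=30):
    # Split time-ordered events into bursts separated by more than max_gap seconds.
    group = []
    for ev in events:
        if group and (ev[0] - group[-1][0]).total_seconds() > max_gap:
            yield group
            group = []
        group.append(ev)
    if group:
        yield group

def find_distributed_runs(lines, min_rejects=6, min_ips=3, max_per_ip=3, min_ordered=0.8):
    # Flag bursts with many sources, few attempts per source, and sorted recipients.
    hits = []
    for burst in bursts(parse(lines)):
        rcpts = [rcpt for _, _, rcpt in burst]
        per_ip = Counter(ip for _, ip, _ in burst)
        pairs = list(zip(rcpts, rcpts[1:]))
        ordered = sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0
        s = {"rejects": len(burst), "ips": len(per_ip),
             "max_per_ip": max(per_ip.values()), "ordered": ordered}
        if (s["rejects"] >= min_rejects and s["ips"] >= min_ips
                and s["max_per_ip"] <= max_per_ip and s["ordered"] >= min_ordered):
            hits.append(s)
    return hits
```

On the constructed sample the first burst is flagged even though no single address exceeds two rejections, while the two typos from one host later on are not.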

