[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 19 Dec 2013, at 21:26, Martijn Grooten <dcglug@xxxxxxxxxxxxxxxxxx> wrote: >>> On Thu, 19 Dec 2013, Simon Waters wrote: >> Well a typical ADSL connected PC could guess several hundred email addresses a >> second across many domains, we saw botnets of 10,000, so that ~4,000,000 guesses >> a second. > > I've seen botnets of 100 times that size. But even then, its owner will want to do > what gives the best delivery rate. Using a list of addresses, most of which are > known to exist, is a better strategy than just trying things out. The point is to harvest the addresses in the first place not especially to spam. Sure it makes sense to use a list of addresses if you have them, but someone has to build the list in the first place. I agree it is mindless, a dead give away etc, but I guarantee there must have been a positive return on invested effort given the volume and repetitive nature of the attacks. Some of these botnets we saw going through domains in alphabetical order so you'd see, a complete scan of "example.com" and then few hours later a scan of "forexample.com" and then "goodexample.com" would be scanned. Wouldn't be all the hosted domains, but some subset. I thought the subset might hold a clue to targeting, but came to the conclusion it was probably just an old domain list, since it was mainly older domains that got scanned. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq