From: (no name) (no email)
Date: Tue Apr 06 2004 - 12:37:29 EDT
On Tue, 06 Apr 2004 11:02:33 EDT, Joe Abley said:
> How do you distinguish between a home user sending twenty legitimate,
> real messages per day, and a home user whose PC has been 0wned, and
> which is sending twenty illegitimate messages per day?
Back of the envelope handwaving calculation (we're not worrying about
exact numbers, merely having somewhere near the right number of zeros):
Media reported that Hotmail was rejecting 2 billion pieces of mail a day (and
that's not including AOL, Yahoo, and every single smaller ISP - our site alone
is seeing several million a day). Let's say it adds up to 10 billion across the
board.
Let's assume that 75% of spam is sent via hijacked zombie machines. This
would mean that to get 7.5 billion spams/day at 20 msgs/day/zombie,
you'd need several hundred million compromised machines. And even though
the average machine is woefully insecure, there's not THAT many zombies.
On the other hand, 20K msgs/day/zombie is only about 1 ever 4 seconds,
not enough to make the average cablemodem user notice - and reduces the
number of zombies down to several million - a much more plausible number.
If you rate-limit 2 million compromised machines to 20 msgs/day each,
there's only 400 million spams. Total.
|
|
|