Re: [Asrg] Spammers looking for sites that don't bounce?
Barry Shein <bzs@world.std.com> Thu, 26 June 2003 21:25 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA22555 for <asrg-archive@odin.ietf.org>; Thu, 26 Jun 2003 17:25:35 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5QLP8J10294 for asrg-archive@odin.ietf.org; Thu, 26 Jun 2003 17:25:08 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VeEu-0002fx-JN for asrg-web-archive@optimus.ietf.org; Thu, 26 Jun 2003 17:25:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA22506; Thu, 26 Jun 2003 17:25:04 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VeEs-0006Az-00; Thu, 26 Jun 2003 17:25:06 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19VeEm-0006Aw-00; Thu, 26 Jun 2003 17:25:00 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VeEo-0002QR-5o; Thu, 26 Jun 2003 17:25:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VeEO-0002LN-VG for asrg@optimus.ietf.org; Thu, 26 Jun 2003 17:24:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA22473 for <asrg@ietf.org>; Thu, 26 Jun 2003 17:24:32 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VeEM-0006AW-00 for asrg@ietf.org; Thu, 26 Jun 2003 17:24:34 -0400
Received: from pcls1.std.com ([199.172.62.103] helo=TheWorld.com) by ietf-mx with esmtp (Exim 4.12) id 19VeEB-0006AA-00 for asrg@ietf.org; Thu, 26 Jun 2003 17:24:23 -0400
Received: from world.std.com (root@world-f.std.com [199.172.62.5]) by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id h5QLNrtD014421; Thu, 26 Jun 2003 17:23:53 -0400
Received: (from bzs@localhost) by world.std.com (8.9.3/8.9.3) id RAA02628; Thu, 26 Jun 2003 17:23:52 -0400 (EDT)
From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16123.25704.514090.720043@world.std.com>
To: Kee Hinckley <nazgul@somewhere.com>
Cc: Vernon Schryver <vjs@calcite.rhyolite.com>, asrg@ietf.org
Subject: Re: [Asrg] Spammers looking for sites that don't bounce?
In-Reply-To: <p06001712bb20261c15d5@[192.168.1.104]>
References: <p0600170dbb200ed3a08e@[192.168.1.104]> <200306260310.h5Q3AawS027940@calcite.rhyolite.com> <p06001712bb20261c15d5@[192.168.1.104]>
X-Mailer: VM 7.07 under Emacs 21.2.2
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 26 Jun 2003 17:23:52 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
I suppose anything that can be programmed is possible.
But one also has to be careful of that effect whose name I forget
where people see patterns in random noise.
As I've reported here before spammers often use over a hundred
hijacked computers nearly simultaneously spewing the same basic spam
(including variations, but I mean for the same "client", the same
basic come-on.)
So for example if they were streaming by on your screen you might
notice that when you raise you right hand, they switch to IP addresses
with at least one prime number in the quad, but when you raise your
left hand, they switch back to non-primes, etc.
It's a common effect and at least one to watch out for.
Also, anthropomorphizing the data, a similar effect, assigning intent
to what might be random behavior in the data.
Or maybe they're doing all this.
Or maybe he's being slammed by what appears to be spam from a clever
and malicious script-kiddie just trying to drive him bonkers because
he closed an account for non-payment or something.
--
-Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Spammers looking for sites that don't boun… Kee Hinckley
- Re: [Asrg] Spammers looking for sites that don't … Vernon Schryver
- Re: [Asrg] Spammers looking for sites that don't … william
- Re: [Asrg] Spammers looking for sites that don't … Kee Hinckley
- Re: [Asrg] Spammers looking for sites that don't … Chris Lewis
- Re: [Asrg] Spammers looking for sites that don't … Barry Shein