4 Mar
2009
4 Mar
'09
10:20 a.m.
* Alexander K. Seewald:
The gist: Based on a darknet (i.e. unused IP addresses), we analyze incoming packets and classify them into (currently eight) different spambot types based on learned idiosyncrasies of packet and protocol, and reference data (currently by Marshall).
Why do you expect bots to touch dark address space? Or put differently, I think any approach based on darkspace monitoring signficantly restricts the types of bots you can detect. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99