[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

spamd vs the sober worm

When the mainstream press started reporting stories like "You are not
under FBI surveillance" about the newest windows worm variety, I started
checking my logs for signs of what the stories described.  Nothing of 
the sort reported had reached any windows machine on our network, so I 
started looking at the gateway's logs.  The result is a very preliminary
draft which I've put at http://www.bgnett.no/~peter/pf/spamd-vs-sober-prelim.txt
My problem is that the sample size is so tiny.  If I am to turn this
into a publishable article, I need more data.  Would anyone running pf
plus spamd in greylisting mode volunteer to do the same tests and send
me their results (or raw data for that matter)?  Any other feedback
would be welcome of course, and truly useful data will merit at least a
mention in the thanks to list if this gets published.
- P
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"