On Friday 24 June 2005 09:37, Jan Engelhardt wrote:
> >Most if not all of the listed domains were personally researched by
> > me. That's the weakness of this, though: it's impossible to keep
> > ahead of the spammers and other ratware peddlers in this arms race.
>
> Just look into the named and/or squid logs and see what users (or
> programs acting on their behalf) request.
Yes, that would be the methodology, but it should be done in a
controlled environment. Some, and now perhaps most, of our squid
traffic is legitimate.
What is needed is a network "clean room". A fresh Windows install with
monitored outbound access. Using Outhouse Distress, activate a known
virus email, watch what it does. Using Internet Exploder, visit a known
malicious IIS site, and see the results.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
