Wandering Thoughts archives

2005-10-23

One reason why I like Unix

; uptime
 19:33:45 up 264 days, 12 min, [...]
; ps -e -o start,comm
 STARTED COMMAND
  Feb 01 init
[...]
  Feb 01 X
  Feb 01 xterm
  Feb 01 fvwm2
  Feb 01 wish8.4
  Feb 01 exmh
[...]
  Apr 12 ssh
[...]

I don't think long uptimes are an exclusive Unix virtue; every operating system can and should have them. But there's machine uptime and then there's total user environment uptime, and my impression is that many systems today are far less good at the latter.

Not only have my office workstation and its system programs been running since February 1st, but I've been logged in and running X Windows continuously since then, along with my window manager, my mail reader, and several other programs that I keep running all the time. I use the machine reasonably intensely; I routinely compile large programs, watch video, play music, and so on.

The ssh command started April 12th has been forwarding X for my environment on the remote machine (which has obviously been up since then; in fact it was rebooted then), and that environment has been running since then:

; ps -o start,command
[...]
12Apr05 xrun [...]
12Apr05 xlbiff -title [...]

It is very nice to just be able to expect this kind of quiet, long-term operation from everything that I run; it makes the computer my servant, instead of me the computer's servant ('I am annoyed with life; quit some of your programs to make me happy').

(Now, mind you, I am out of touch with the Microsoft Windows world; it is quite possible that multi-month Windows sessions are now perfectly normal if you want to stay logged in that long. Data points from Windows people are welcome.)

(The observant will gather from this that I have not installed Fedora Core 4 on my office workstation. Surprise, surprise. At this point I may wait for Fedora Core 5, unless I get impatient with outdated software.)

sysadmin/WhyILikeUnix written at 20:28:46

Weekly spam summary on October 22nd, 2005

This week we received 11,880 email messages from 233 different IP addresses. Our SMTP server handled 36,465 sessions from 4,042 different IP addresses, down markedly from last week.

Overall connections are down slightly from last week: 210,400 connections from at least 38,800 different IP addresses. This week, we only hit a highwater of 22 connections being processed simultaneously. Per day statistics:

Day         Connections   different IPs
Sunday           42,200           8,830
Monday           35,800          +5,110
Tuesday          18,630          +4,900
Wednesday        41,900          +5,330
Thursday         23,240          +5,500
Friday           28,820          +5,250
Saturday         19,790          +3,930

The Sunday surge is expected; we reboot with much of the kernel level IP filters cleared, and active IPs to block hit us and get added back in later on in the day. Simultaneous connections being processed hit 13 on Sunday then 22 on Thursday.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
66.154.124.9          21081   1180K
212.216.176.0/24      11764    599K
66.92.140.53           9605    461K
216.213.82.100         6461    329K
67.123.2.225           6442    301K
80.250.6.1             5568    267K
66.179.44.52           5414    260K
218.102.53.0/24        5238    242K
62.101.217.247         4650    223K
65.86.183.103          4523    211K

No large netblocks made the list at all, but 66.154.124.9, 'Surge Media' in SBL24721 is really living up to its name (and reappears from last week). Also putting in return appearances are 66.92.140.53 and 66.179.44.52, both getting kernel level blocks due to repeated bad HELO names.

It's been a good (or bad) week for DNS blocklists; 216.213.82.100 is DSBL-listed, 80.250.6.1 is CBL-listed, and 62.101.217.247 is on the ORDB. The remaining four IP addresses got blocked for repeated bad HELO names.

Connection-time rejection stats:

  23648 total
  10554 dynamic IP
   7333 bad or no reverse DNS
   2369 class bl-cbl
    832 class bl-spews
    533 class bl-dsbl
    367 class bl-sbl
    336 class bl-ordb
    211 class bl-njabl
    169 class bl-sdul
      5 class bl-opm

Unlike last week, there is no single really active source.

Other stats:

what          # this week   (distinct IPs)   # last week   (distinct IPs)
Bad HELOs           13278              731         27390             1136
Bad bounces          4038             2261          5320             2739
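
The 'Bad HELOs' line above and the earlier note that some hosts got kernel level blocks for repeated bad HELO names, as an added Python example that is not the author's code: it counts bad HELOs and distinct source IPs from a constructed log and lists the IPs that cross a threshold. What counts as a bad HELO, the log format, the name mail.example.org and the threshold of 3 are all assumptions; the page states none of them.

```python
import ipaddress
import re
from collections import Counter

BLOCK_AFTER = 3                    # assumed; the page says only "repeated"
OUR_NAMES = {"mail.example.org"}   # constructed: names only our server may use

# Constructed sample: one "client-ip HELO-argument" pair per SMTP session.
SAMPLE_LOG = """\
192.0.2.10 mail.example.org
192.0.2.10 mail.example.org
192.0.2.10 localhost
198.51.100.7 [198.51.100.7]
198.51.100.7 198.51.100.7
203.0.113.5 mx1.example.net
203.0.113.9 FRIEND
192.0.2.10 192.0.2.99
"""

FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def is_bad_helo(helo):
    """Assumed policy: our own name, localhost, a bare IP, or a non-FQDN."""
    name = helo.strip().lower().rstrip(".")
    if name in OUR_NAMES or name == "localhost":
        return True
    if name.startswith("[") and name.endswith("]"):
        # RFC 5321 address literal such as [192.0.2.1] or [IPv6:2001:db8::1]
        return not is_ip(name[1:-1].removeprefix("ipv6:"))
    return is_ip(name) or FQDN.match(name) is None

def summarize(log_text, block_after=BLOCK_AFTER):
    """Return (bad HELO count, distinct IPs, IPs due for a kernel block)."""
    bad = Counter()
    for line in log_text.splitlines():
        ip, _, helo = line.strip().partition(" ")
        if ip and is_bad_helo(helo):
            bad[ip] += 1
    to_block = sorted(ip for ip, n in bad.items() if n >= block_after)
    return sum(bad.values()), len(bad), to_block

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))   # (bad HELOs, distinct IPs, IPs to block)
```

A fixed threshold like this one will also catch misconfigured legitimate senders, so the resulting block list needs an expiry or a review step.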

Spammers are probably forging us less, although they continue to forge us. They will probably continue to forge us until the Internet melts down in a combination of depeerings, bankruptcies, and disagreements over which organization and country should run the whole thing.

spam/SpamSummary-2005-10-22 written at 01:51:47

