Weekly spam summary on October 22nd, 2005
This week we received 11,880 email messages from 233 different IP addresses. Our SMTP server handled 36,465 sessions from 4,042 different IP addresses, down markedly from last week.
Overall connections are down slightly from last week: 210,400 connections from at least 38,800 different IP addresses. This week, we only hit a highwater of 22 connections being processed simultaneously. Per day statistics:
The Sunday surge is expected; we reboot with much of the kernel level IP filters cleared, and active IPs to block hit us and get added back in later on in the day. Simultaneous connections being processed hit 13 on Sunday then 22 on Thursday.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 18.104.22.168 21081 1180K 22.214.171.124/24 11764 599K 126.96.36.199 9605 461K 188.8.131.52 6461 329K 184.108.40.206 6442 301K 220.127.116.11 5568 267K 18.104.22.168 5414 260K 22.214.171.124/24 5238 242K 126.96.36.199 4650 223K 188.8.131.52 4523 211K
No large netblocks made the list at all, but 184.108.40.206, 'Surge
really living up to its name (and reappears from
last week). Also putting in return appearances are
220.127.116.11, both getting kernel level
blocks due to repeated bad
It's been a good (or bad) week for DNS blocklists; 18.104.22.168 is
DSBL-listed, 22.214.171.124 is CBL-listed, and 126.96.36.199 is on the
ORDB. The remaining four IP addresses got blocked for repeated bad
Connection-time rejection stats:
23648 total 10554 dynamic IP 7333 bad or no reverse DNS 2369 class bl-cbl 832 class bl-spews 533 class bl-dsbl 367 class bl-sbl 336 class bl-ordb 211 class bl-njabl 169 class bl-sdul 5 class bl-opm
Unlike last week, there is no single really active sources.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Spammers are probably forging us less, although they continue to forge us. They will probably continue to forge us until the Internet melts down in a combination of depeerings, bankruptcies, and disagreements over which organization and country should run the whole thing.