Weekly spam summary on October 22nd, 2005
This week we received 11,880 email messages from 233 different IP addresses. Our SMTP server handled 36,465 sessions from 4,042 different IP addresses, down markedly from last week.
Overall connections are down slightly from last week: 210,400 connections from at least 38,800 different IP addresses. This week, we only hit a highwater of 22 connections being processed simultaneously. Per day statistics:
The Sunday surge is expected; we reboot with much of the kernel level IP filters cleared, and active IPs to block hit us and get added back in later on in the day. Simultaneous connections being processed hit 13 on Sunday then 22 on Thursday.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 184.108.40.206 21081 1180K 220.127.116.11/24 11764 599K 18.104.22.168 9605 461K 22.214.171.124 6461 329K 126.96.36.199 6442 301K 188.8.131.52 5568 267K 184.108.40.206 5414 260K 220.127.116.11/24 5238 242K 18.104.22.168 4650 223K 22.214.171.124 4523 211K
No large netblocks made the list at all, but 126.96.36.199, 'Surge
really living up to its name (and reappears from
last week). Also putting in return appearances are
188.8.131.52, both getting kernel level
blocks due to repeated bad
It's been a good (or bad) week for DNS blocklists; 184.108.40.206 is
DSBL-listed, 220.127.116.11 is CBL-listed, and 18.104.22.168 is on the
ORDB. The remaining four IP addresses got blocked for repeated bad
Connection-time rejection stats:
23648 total 10554 dynamic IP 7333 bad or no reverse DNS 2369 class bl-cbl 832 class bl-spews 533 class bl-dsbl 367 class bl-sbl 336 class bl-ordb 211 class bl-njabl 169 class bl-sdul 5 class bl-opm
Unlike last week, there is no single really active sources.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Spammers are probably forging us less, although they continue to forge us. They will probably continue to forge us until the Internet melts down in a combination of depeerings, bankruptcies, and disagreements over which organization and country should run the whole thing.