Weekly spam summary on October 22nd, 2005
This week we received 11,880 email messages from 233 different IP addresses. Our SMTP server handled 36,465 sessions from 4,042 different IP addresses, down markedly from last week.
Overall connections are down slightly from last week: 210,400 connections from at least 38,800 different IP addresses. This week, we only hit a highwater of 22 connections being processed simultaneously. Per day statistics:
The Sunday surge is expected; we reboot with much of the kernel level IP filters cleared, and active IPs to block hit us and get added back in later on in the day. Simultaneous connections being processed hit 13 on Sunday then 22 on Thursday.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 22.214.171.124 21081 1180K 126.96.36.199/24 11764 599K 188.8.131.52 9605 461K 184.108.40.206 6461 329K 220.127.116.11 6442 301K 18.104.22.168 5568 267K 22.214.171.124 5414 260K 126.96.36.199/24 5238 242K 188.8.131.52 4650 223K 184.108.40.206 4523 211K
No large netblocks made the list at all, but 220.127.116.11, 'Surge
really living up to its name (and reappears from
last week). Also putting in return appearances are
18.104.22.168, both getting kernel level
blocks due to repeated bad
It's been a good (or bad) week for DNS blocklists; 22.214.171.124 is
DSBL-listed, 126.96.36.199 is CBL-listed, and 188.8.131.52 is on the
ORDB. The remaining four IP addresses got blocked for repeated bad
Connection-time rejection stats:
23648 total 10554 dynamic IP 7333 bad or no reverse DNS 2369 class bl-cbl 832 class bl-spews 533 class bl-dsbl 367 class bl-sbl 336 class bl-ordb 211 class bl-njabl 169 class bl-sdul 5 class bl-opm
Unlike last week, there is no single really active sources.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Spammers are probably forging us less, although they continue to forge us. They will probably continue to forge us until the Internet melts down in a combination of depeerings, bankruptcies, and disagreements over which organization and country should run the whole thing.