Weekly spam summary on October 22nd, 2005
This week we received 11,880 email messages from 233 different IP addresses. Our SMTP server handled 36,465 sessions from 4,042 different IP addresses, down markedly from last week.
Overall connections are down slightly from last week: 210,400 connections from at least 38,800 different IP addresses. This week, we only hit a highwater of 22 connections being processed simultaneously. Per day statistics:
The Sunday surge is expected; we reboot with much of the kernel level IP filters cleared, and active IPs to block hit us and get added back in later on in the day. Simultaneous connections being processed hit 13 on Sunday then 22 on Thursday.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 126.96.36.199 21081 1180K 188.8.131.52/24 11764 599K 184.108.40.206 9605 461K 220.127.116.11 6461 329K 18.104.22.168 6442 301K 22.214.171.124 5568 267K 126.96.36.199 5414 260K 188.8.131.52/24 5238 242K 184.108.40.206 4650 223K 220.127.116.11 4523 211K
No large netblocks made the list at all, but 18.104.22.168, 'Surge
really living up to its name (and reappears from
last week). Also putting in return appearances are
22.214.171.124, both getting kernel level
blocks due to repeated bad
It's been a good (or bad) week for DNS blocklists; 126.96.36.199 is
DSBL-listed, 188.8.131.52 is CBL-listed, and 184.108.40.206 is on the
ORDB. The remaining four IP addresses got blocked for repeated bad
Connection-time rejection stats:
23648 total 10554 dynamic IP 7333 bad or no reverse DNS 2369 class bl-cbl 832 class bl-spews 533 class bl-dsbl 367 class bl-sbl 336 class bl-ordb 211 class bl-njabl 169 class bl-sdul 5 class bl-opm
Unlike last week, there is no single really active sources.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Spammers are probably forging us less, although they continue to forge us. They will probably continue to forge us until the Internet melts down in a combination of depeerings, bankruptcies, and disagreements over which organization and country should run the whole thing.