[Dshield] Extreme increase in spam attempts... any one else seeing similar event?
Castle, Shane
scastle at co.boulder.co.us
Fri Aug 17 14:45:31 GMT 2007
No, my spam volume and percentages are pretty much constant for the
week:
Threats: Spam Report 8/13/2007 8/19/2007 MDT

Spam Volume Trends
Time              Inbound   Outbound
8/13/2007 00:00   117985
8/14/2007 00:00   152457
8/15/2007 00:00   108398
8/16/2007 00:00   115857
8/17/2007 00:00   41623
8/18/2007 00:00   0
8/19/2007 00:00   0

Spam Detection Summary
Total Inbound Spam Identified     536320
Inbound Spam Volume               91.20%
Invalid Email Detected            433156
Spam Beacons Detected             51853
System Real Time Blackhole List   0

Spam Policy Actions
Quarantine   100543
Tag          0
Deny         435778
Other        0

Above is from MX Logic. Note the inbound spam percentage. That's just
sad.
--
Shane Castle
-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Phillips
Sent: Friday, August 17, 2007 08:26
To: list at lists.dshield.org
Subject: [Dshield] Extreme increase in spam attempts... any one else
seeing similar event?
Hi
Since yesterday (16 Aug 6pm EDT) I am seeing a HUGE increase in spam
activity:
sed -n '/^Aug 16 18/,$p' /var/log/smtpd.log | egrep 'Not allowed' | wc -l
12110
sed -n '/^Aug 16 18/,$p' /var/log/smtpd.log | egrep 'Not allowed' | egrep UNKNOWN | wc -l
480
(This is less than 24 hours!)
vs
a previous 24 hour period...
sed -n '/^Aug 14 18/,/^Aug 15 18/p' /var/log/smtpd.log | egrep 'Not allowed' | wc -l
115
sed -n '/^Aug 14 18/,/^Aug 15 18/p' /var/log/smtpd.log | egrep 'Not allowed' | egrep 'UNKNOWN' | wc -l
38
The interesting factor is that the majority of this is coming from DNS
registered hosts:
480 out of 12110 = 4% not registered
as opposed to 38 out of 115 = 38% normally...
Any ideas about what might be happening?
(Also note that these almost totally don't have valid local email
addresses as the recipient, though the domain seems to be correct
mostly.
[This is from hand sampling so I don't have specific #'s])
C
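
Added example, not part of either message above: the windowed count from the quoted post done in a single awk pass, reporting total 'Not allowed' rejects, how many of them are UNKNOWN (no reverse DNS), and the rounded percentage. The function names and the sample log layout are constructed for illustration; only the 'Not allowed' and 'UNKNOWN' strings and the "Mon DD HH" line prefix come from the post. Unlike the sed range, the window here stops before the first line that matches the end prefix.

```shell
#!/bin/sh
# Added example; the log line layout is an assumption, not the poster's real format.

# reject_stats START [END]
# Reads a syslog-style log on stdin and prints "total unknown pct" for
# 'Not allowed' lines in the half-open window that opens at the first line
# beginning with START and closes before the first later line beginning
# with END. Without END the window runs to end of file (like sed '/START/,$p').
reject_stats() {
    awk -v start="$1" -v end="${2:-}" '
        !inwin && index($0, start) == 1 { inwin = 1 }
        inwin && end != "" && index($0, end) == 1 { exit }   # END block still runs
        inwin && /Not allowed/ {
            total++
            if ($0 ~ /UNKNOWN/) unknown++
        }
        END {
            pct = total ? int(100 * unknown / total + 0.5) : 0
            printf "%d %d %d\n", total, unknown, pct
        }'
}

# Constructed sample log (documentation address ranges, made-up host names).
sample_log() {
cat <<'EOF'
Aug 14 17:59:40 mx smtpd[201]: Not allowed: relay from UNKNOWN [192.0.2.7]
Aug 14 18:03:12 mx smtpd[202]: Not allowed: relay from UNKNOWN [192.0.2.8]
Aug 14 18:40:55 mx smtpd[203]: connect from mail.example.org [198.51.100.3]
Aug 14 22:15:09 mx smtpd[204]: Not allowed: relay from host1.example.net [198.51.100.9]
Aug 15 09:30:00 mx smtpd[205]: Not allowed: relay from UNKNOWN [192.0.2.9]
Aug 15 18:00:01 mx smtpd[206]: Not allowed: relay from host2.example.net [203.0.113.4]
Aug 16 18:00:02 mx smtpd[207]: Not allowed: relay from host3.example.net [203.0.113.5]
Aug 16 18:00:03 mx smtpd[208]: Not allowed: relay from host4.example.net [203.0.113.6]
Aug 16 19:12:44 mx smtpd[209]: Not allowed: relay from UNKNOWN [192.0.2.11]
Aug 16 20:01:10 mx smtpd[210]: Not allowed: relay from host5.example.net [203.0.113.7]
EOF
}

# Baseline window, then the window that runs to end of file.
sample_log | reject_stats "Aug 14 18" "Aug 15 18"
sample_log | reject_stats "Aug 16 18"
```

Against a real log, replace the sample_log call with a redirect from the log file.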