<br><br><div class="gmail_quote">On Mon, Nov 24, 2008 at 2:55 PM, Scott Silva <span dir="ltr"><<a href="mailto:ssilva@sgvwater.com">ssilva@sgvwater.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
on 11-24-2008 1:56 AM Ronny T. Lampert spake the following:<br>
<div class="Ih2E3d">>> Hi,<br>
>><br>
>> Is anybody else seeing a big drop off in SPAM volume over the last<br>
>> week or so? or is it just me?<br>
><br>
> I'm down to "more normal levels" on<br>
><br>
> - total connections<br>
> - RBL blocks (= 50% of total connections for last 3 hours)<br>
> - "is spam" by MS (down by about 20%).<br>
><br>
> No way in hell we should allow McColo to go live again.<br>
> But then again it's only Monday morning so spammers might wake up later...<br>
><br>
> Cheers.<br>
</div>Trouble is, there seem to be other ways to get a block back up, even if for<br>
only a short time. If they manage to do this, the bots will get new code and<br>
come back. What is needed is for someone in power to take this block for a few<br>
weeks and log all systems that try and get instructions, and trace them back<br>
through the ISP. Then the ISP needs to inform those users they are infected.<br>
But it won't happen since someone will have to foot the bill.<br>
<div><div></div><div class="Wj3C7c"><br>
</div></div></blockquote><div>One thing I *have* noticed since spam volume dropped is a huge increase in ssh attacks, and not just on mail servers. I'm pulling information from close to 500 systems when I say "huge" - I'm talking about nearly 1000 attempts per machine per day. Whoever is doing it is smart enough to be using many, many IP addresses from all over the world, and just making a few attempts from each IP, then backing off to keep automated firewall add/remove tools from blocking too many attempts. Anyone else noticed this? <br>
</div></div><br>
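An added example, not part of the thread: the pattern described in the last message (many source IPs, a few failures each) stays under any per-IP block threshold, so a detector has to aggregate across sources. The sketch below treats its input as one day's sshd log for one host; the log lines are constructed, and the thresholds and the names `analyse` and `constructed_log` are assumptions.

```python
import re
from collections import Counter

# OpenSSH failure line: "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def constructed_log():
    """Constructed sample: 40 quiet sources (3 failures each) and one noisy source."""
    lines = []
    for i in range(40):
        ip = f"198.51.100.{i + 1}"  # documentation address range
        for n in range(3):
            lines.append(
                f"Nov 24 03:{i:02d}:{n:02d} host1 sshd[{1000 + i}]: "
                f"Failed password for invalid user admin from {ip} port 40000 ssh2"
            )
    for n in range(12):
        lines.append(
            f"Nov 24 04:00:{n:02d} host1 sshd[2000]: "
            "Failed password for root from 203.0.113.9 port 40001 ssh2"
        )
    lines.append(
        "Nov 24 05:00:00 host1 sshd[3000]: "
        "Accepted password for alice from 192.0.2.10 port 40002 ssh2"
    )
    return lines


def analyse(lines, per_ip_limit=5, min_sources=20, min_total=100):
    """Compare a per-IP threshold with an aggregate view of the same log.

    per_ip_limit models a typical per-source blocking tool; min_sources and
    min_total are assumed thresholds for the aggregate (distributed) signal.
    """
    per_ip = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            per_ip[m.group(2)] += 1
    # Sources a per-IP tool would block.
    blocked = {ip for ip, n in per_ip.items() if n > per_ip_limit}
    # Everything that stayed under the per-IP limit.
    quiet = {ip: n for ip, n in per_ip.items() if ip not in blocked}
    quiet_failures = sum(quiet.values())
    return {
        "blocked": blocked,
        "quiet_sources": len(quiet),
        "quiet_failures": quiet_failures,
        "distributed": len(quiet) >= min_sources and quiet_failures >= min_total,
    }


if __name__ == "__main__":
    print(analyse(constructed_log()))
```

On the constructed log the per-IP rule blocks only the single noisy source, while the aggregate counters flag the 120 failures spread over 40 quiet sources.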