NetworksAreMadeOfString

When I heard the news that McColo had been pulled I wondered if we’d actually see a drop in Hostile traffic and Spam.

Turns out that there has been a massive drop in Spam levels coming through some of the filters I have dotted around the place.

C&C or Spam Hosts?

I wrote a little script to see what percentages of machines that had made incoming connections that were then classified as spam were still alive.

The majority of hosts were still contactable in some way shape or form but weren’t listening on known SMTP ports, some were alive and actively listening on SMTP ports. A small percentage were totally offline.

This basic test appears to indicate that the Datacenter that went offline was merely a Command & Control hub rather than actual spamming hosts.

Elsewhere

Just to make sure that there were no anomolies with my graphs I checked a few other places and it does indeed appear that there is a worldwide drop in spam:


 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
It probably won’t be long until the levels are back where they used to be but for now our AntiSpam servers can rest for a while.

This entry was posted on Friday, November 14th, 2008 at 8:56 pm and is filed under Email, NAMOS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.