[nsp-sec] AS27595 (Intercage) gone - implications..

Tue Sep 23 16:52:41 EDT 2008

I checked with our email team they saw about a 40% drop in the spamtrap
but it didn't last too long. The time did correspond with the intercage
outage:)

The enterprise email (qwest.com) team did NOT see a corresponding drop.

Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Chris Morrow
> Sent: Tuesday, September 23, 2008 1:38 PM
> To: Jared Mauch
> Cc: 'NSP nsp-security'; 'Huopio Kauto'
> Subject: Re: [nsp-sec] AS27595 (Intercage) gone - implications..
> 
> ----------- nsp-security Confidential --------
> 
> 
> 
> On Mon, 22 Sep 2008, Jared Mauch wrote:
> >>>> Now that AS27595 has no routing, there could be some
> >>>> interesting effects to the end users. Those who have been
> >>
> >> as an odd aside, I had a pretty severe drop in inbound spam to my
> >> collection system yesterday... I wonder if that trend will 
> continue or if
> >> it was related at all to 27595 going away. (which I doubt 
> since it was
> >> over most of the day...)
> >
> > 	Now that it's "back" did your rate increase?
> >
> 
> date of 2008-09-??
> date - 15 connects to postfix: 1793274
> date - 16 connects to postfix: 1877183
> date - 17 connects to postfix: 1887443
> date - 18 connects to postfix: 1970753
> date - 19 connects to postfix: 1777092
> date - 20 connects to postfix: 1689313
> date - 21 connects to postfix: 1162918
> date - 22 connects to postfix: 1623203
> 
> this is a simple count of ' connect from ' messages in postfix/mail 
> logs... it's not a perfect proxy for spam levels, but it should track 
> decently to how much 'spam' was actually delivered to my 
> mailserver. Note 
> the drop on the 21st, and the raise back to 'normal' on the 
> 22nd. I didn't 
> do today's numbers, but I'll have my shell script chunk 
> through the rest 
> of the month now too... and report back when it's done.
> 
> -chris
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 

This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.