[nsp-sec] anomalies?

Joel Rosenblatt joel at columbia.edu
Tue Dec 28 14:34:33 EST 2010


I was not kidding about our spam numbers being down

WHERE SPAM AND OTHER JUNK CAME FROM

827,000 spam and other junk came from 120,524 unique IP addresses
(about 6 messages per host).

735,651 spam messages came from 110,499 unique IP addresses
(about 6 messages per host).

Of the 91,349 other junk,
       35 were bounces to jra54449 at cs.columbia.edu, an address
that has never existed (most count as "null to invalid rcpt").


We are usually way over 1 million

I guess I'm in the second group :-)

Joel

--On Tuesday, December 28, 2010 2:19 PM -0500 "Gilmore, Patrick" <patrick at akamai.com> wrote:

> ----------- nsp-security Confidential --------
>
> On Dec 28, 2010, at 12:55 PM, Joel Rosenblatt wrote:
>
>> Didn't you get the memo?  It's an official Bad Guy Holiday :-)
>>
>> Our spam numbers were down below 1 million .. it's a very slow day
>
> In all seriousness, I'm seeing reports of very low spam, viruses, trojan'ed attachments, etc. from several places.  For instance, a couple publicly available graphs:
>     <http://cbl.abuseat.org/totalflow.html>
>     <http://www.spamcop.net/spamgraph.shtml?spammonth>
>
> I have also seen multiple reports from multiple places that the Rustock botnet is either very slow or even completely down.
>
> This makes some people happy.  It worries others.  Are they just taking a holiday?  Or are they gearing up for something worse?
>
> Anyone have any intel?
>
> --
> TTFN,
> patrick
>
>
>> --On Tuesday, December 28, 2010 4:00 PM +0000 Tino Steward <tsteward at us.ntt.net> wrote:
>>
>>> ----------- nsp-security Confidential --------
>>>
>>> I am currently seeing "no" anomalies, no spam and no DoS attacks for the past 45 minutes. Has the world ended while I sit oblivious at my desk?
>>> --
>>>
>>> Tino T. Steward SNA1 - Security & Abuse / tsteward at us.ntt.net
>>> NTT Communications Global IP Network Operations Center
>>> 214-853-7344 (Ph.) / 214.800.7771 (Fax)
>>>
>>> AUP online: http://www.nttamerica.com/legal/internet/acceptable_policy.html
>>> AUP online: http://www.ntt.net/library/pdf/AUP.pdf
>>>
>>> Check http://www.cert.org for some of the latest documented exploits and your OS manufacturer for the latest security patches.
>>>
>>> Intruder detection: http://www.cert.org/tech_tips/intruder_detection_checklist.html
>>>
>>> Latest viruses: http://www.cert.org
>>>
>>> Recovering from a compromised host: http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
>>>
>>> This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If
>>> you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its
>>> attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. NTT America makes no warranty
>>> that this email is error or virus free. Thank you.
>>>
>>>
>>> _______________________________________________
>>> nsp-security mailing list
>>> nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>>
>>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>>> community. Confidentiality is essential for effective Internet security counter-measures.
>>> _______________________________________________
>>>
>>
>>
>>
>> Joel Rosenblatt, Manager Network & Computer Security
>> Columbia Information Security Office (CISO)
>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>> http://www.columbia.edu/~joel
>> Public PGP key
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
>>
>>
>>



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3



