Incoming!

title: Incoming! date: 30 December 2003 12:00:00 PST

Holy crap. I wrote a few weeks ago about setting up spampot.py on my home machine. Since then I've had probes, but most were not relayed because the probes didn't match what spampot.py was looking for. (Interestingly, I looked at the traffic with tcpdump and found the probes starting conversations with "EHLO"; when spampot.py returned "Command unrecognized", they went away. But then they'd be back in ten minutes, regular as clockwork...)

But in the last few days...well, take a look at the number of connections:

Dec 13 | 2
Dec 14 | 2
Dec 16 | 3
Dec 17 | 3
Dec 18 | 2
Dec 19 | 2
Dec 20 | 2
Dec 21 | 1
Dec 22 | 1
Dec 23 | 1
Dec 24 | 14
Dec 25 | 1
Dec 26 | 4
Dec 27 | 2
Dec 28 | 396
Dec 29 | 2021
Dec 30 | 13671

Going through my mail logs, I can see that one message a day has been relayed (ie, has made spampot.py think it's a probe and has thus been allowed to be sent) since the 22nd. I guess that's what's convinced the spammers it's real.

I think the thing to to at this point is to compile tarpitting into the kernel and really slow 'em down...any thoughts?

Original entry.