Test Center ThreatWatch: Oct 3


By Fahmida Y. Rashid, Samara Lynn, ChannelWeb


4:01 PM EDT Fri. Oct. 03, 2008


Spam Watch 9/30-10/2

After a few days of declining activity, total mail volume shot up. This is consistent with past observations that there's a peak in activity at the beginning of the month.

Total mail volume increased 15.6 percent yesterday from Wednesday. There was an increase in both blocked connections, up 16.8 percent, and total spam, up 7.2 percent. Spam volumes were significantly different, with "high" spam increasing 11.5 percent and "medium" spam declining more than 18.5 percent.

Spammers chose to focus on easily identifiable spam and blocked connections yesterday.

The most active spam relay came from Taiwan, from an IP address recognized by SPAMCOP, XBL, CBL and SORBS as a known offender. Turkey also made the list, from an IP address reported by SPAMCOP, XBL and CBL. Chile. The most active blocked mail from a single relay came from IP addresses in Russia and Spain. These two countries have been consistently in the top 10 list, but the IP addresses have been different each time.

Attack Watch 10/2-10/3

In the past 24 hours, the honeynet reported SSH login attempts from Russia, TCP/IP port scans from a Turkish IP address, and an FTP attempt from an unknown IP based in the US.

About one-quarter of the intrusion attempts originated from an Optimum Online IP address (listed as an offender in SORBS). There were four IIS resets sent within a minute, 23 attempts in 13 minutes two hours later, followed by 26 attempts in 35 minutes an hour later, from that address.

Attempts to get to SQL Server continue from China. The logs also recorded Symantec Antivirus Exploit and SMTP port scans from 14 different attacking IP addresses.


Copyright 2009 Everything Channel