On 2013-05-29 15:29, Dave Beckstrom wrote:
Yes.  I've been seeing a lot of patterns like that where I can block a whole subnet.  I wish we had something that would parse the Declude log files and give stats on spam by IP so that it wasn't a manual process of identifying those IP blocks.

You may be able to get a similar effect if you use Message Sniffer and the gbudb utility.

The gbudb utility can give you a list of IPs with a particular reputation from your gbudb snapshot (gbx).

Worth a look for generating local blocking lists & doing research like you're suggesting.

2012-11-23 New GBUdb Tool

We have been playing with a new utility that some of you may enjoy.

http://www.armresearch.com/message-sniffer/download/GBUDBTool-V0.1.zip

GBUDB Tool allows you to create a list of IP addresses from your GBUdb snapshots (.gbx files). You can select IPs that are "blacker" or "whiter" than a provided probability figure and confidence figure. It outputs one IP per line, optionally with details about the statistics for the IP. This can be useful for feeding-forward blacklists to block at your firewall or for other research purposes.

Run GBUDBTool without any parameters and it will tell you about its command line options.


Hope this helps,
_M
-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 
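
An added example, not part of the original message and not ARM Research code: one way to turn a one-IP-per-line list, such as the output described above, into candidate subnet blocks. The function name, the /24 grouping, the `min_hosts` threshold and the `protect` allowlist are assumptions, as is the address being the first field on each line.

```python
import ipaddress
from collections import defaultdict

# Constructed sample list, one entry per line (documentation-range addresses).
SAMPLE = """\
203.0.113.5
203.0.113.9
203.0.113.77
203.0.113.200
198.51.100.14
198.51.100.15
192.0.2.1
not-an-ip
203.0.113.9
"""

def candidate_blocks(lines, prefix=24, min_hosts=3, protect=()):
    """Split listed IPv4 addresses into subnet blocks and single addresses.

    A /prefix network becomes a block only if it holds at least min_hosts
    distinct listed addresses and overlaps none of the protect networks.
    """
    protected = [ipaddress.ip_network(p) for p in protect]
    seen = defaultdict(set)
    for raw in lines:
        fields = raw.split()
        if not fields:
            continue
        try:
            # Assumption: the address is the first field on the line.
            ip = ipaddress.IPv4Address(fields[0])
        except ipaddress.AddressValueError:
            continue  # header, comment or malformed entry
        if any(ip in net for net in protected):
            continue  # never emit a rule for our own or partner hosts
        seen[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)

    blocks, singles = [], []
    for net in sorted(seen):
        ips = sorted(seen[net])
        if len(ips) >= min_hosts and not any(net.overlaps(p) for p in protected):
            blocks.append((net, len(ips)))
        else:
            singles.extend(ips)  # too few hits, or block would cover a protected host
    return blocks, singles

if __name__ == "__main__":
    blocks, singles = candidate_blocks(SAMPLE.splitlines())
    for net, count in blocks:
        print(f"{net}\t{count} listed addresses")
    for ip in singles:
        print(ip)
```

Review the block list before loading it into a firewall: a /24 with a few listed hosts can still contain legitimate senders.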
