Hi Pete, I wish I could still afford message sniffer. My business has changed. I mainly just run declude these days.
_____ From: [email protected] [mailto:[email protected]] On Behalf Of Pete McNeil Sent: Wednesday, May 29, 2013 2:59 PM To: [email protected] Subject: [MBF]Re: Spam Flurry ? On 2013-05-29 15:29, Dave Beckstrom wrote: Yes. I've been seeing a lot of patterns like that where I can block a whole subnet. I wish we had something that would parse the declude log files and give stats on spam by IP so that it wasn't a manual process of identifying those IP blocks. You may be able to get a similar effect if you use Message Sniffer and the gbudb utility. The gbudb utility can give you a list of IPs with a particular reputation from your gbudb snapshot (gbx). Worth a look for generating local blocking lists & doing research like you're suggesting. 2012-11-23 New GBUdb Tool We have been playing with a new utility that some of you may enjoy. http://www.armresearch.com/message-sniffer/download/GBUDBTool-V0.1.zip GBUDB Tool allows you to create a list of IP addresses from your GBUdb snapshots (.gbx files). You can select IPs that are "blacker" or "whiter" than a provided probability figure and confidence figure. It outputs one IP per line, optionally with details about the statistics for the IP. This can be useful for feeding-forward blacklists to block at your firewall or for other research purposes. Run GBUDBTool without any parameters and it will tell you about its command line options. Hope this helps, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]>
