On Mon, Mar 08, 2004 at 09:25:03AM -0600, the entity calling itself Christopher D. Lewis stated:
> >Following is an entry from pfTop a few minutes ago: > > > >tcp In 206.33.230.44:4895 127.0.0.1:8025 > >ESTABLISHED:FIN_WAIT_2 46:38:32 00:00:44 335K 13M > > > >This guy has been going at it for nearly two full days. I'm running a > >"stock" 3.4 OBSD spamd setup... should I change anything? > > > > > Sounds like you've achieved the purpose of the spamd setup perfectly: > you have consumed spammer resources while not really affecting your > own. > Congratulations! > --Chris > Thanks for your encouragement. Maybe I'm reading the pfTop output incorrectly, but doesn't it say that _my_ resource cost on this transaction was 335K packets and 13 MBytes of bandwidth? If so, I wouldn't call this "no effect" on my resources. Maybe I wasn't clear on the spamd's "value proposition"; I thought it stuttered, staggered and delayed required responses to the targeted ip address - forcing the spammer to keep the connection open, but not necessarily sending buttloads of data. Thanks for any clarification on this, Jay PS: For the record, this host finally disconnected after nearly 49.5 hours: <snip> spamd[23429]: 206.33.230.44: disconnected after 178157 seconds.
