The operating systems that spam you

Someone recently asked on the Sussex LUG list about whether most spam comes from malware-infected Windows machines or misconfigured Linux/unix mail servers.

The question as posed is difficult to answer, but as it happens I have for the last 10 days or so been running p0f against all port 25 connections to, the mail server that sits in front of all email addresses and

If you weren’t aware, p0f is a passive operating system fingerprinting tool which makes an “educated guess” about the operating system at the other end of a TCP connection based on the characteristics of SYN packets sent. It’s a bit like nmap’s fingerprinting, but it’s totally passive, i.e. it works on data the other side normally sends to you, without making any sort of probe itself.

What all of this means is that I have a very good idea of the operating system of every machine that has tried to send an email to users in the last 10 days.

The rest of this article can be read over on the wiki, but the executive summary is: during the ~10 day period of monitoring, over 90% of unique IPs sending mails that scored 10.0+ in SpamAssassin were associated with hosts running Windows.
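To show how a figure like this is derived, here is an added example (not the code used for the article) that joins per-connection OS guesses with per-message SpamAssassin scores and counts unique sending IPs per OS family. The record layout, sample addresses and function names are assumptions made for the illustration, not p0f's or SpamAssassin's own log formats.

```python
from collections import Counter, defaultdict

# Constructed sample data (documentation IP ranges); the field layout is an
# assumption for this example, not p0f's or SpamAssassin's native log format.
FINGERPRINTS = [  # (client IP, OS guess from the SYN fingerprint)
    ("192.0.2.10", "Windows XP"),
    ("192.0.2.11", "Windows 2000"),
    ("192.0.2.11", "Windows 2000"),   # same host reconnecting
    ("198.51.100.5", "Linux 2.6"),
    ("198.51.100.9", "Windows XP"),
    ("198.51.100.9", "FreeBSD 5.x"),  # conflicting guesses, e.g. hosts behind NAT
    ("203.0.113.7", "UNKNOWN"),
]
SCORES = [  # (client IP, SpamAssassin score of one delivered message)
    ("192.0.2.10", 14.2), ("192.0.2.10", 22.7), ("192.0.2.10", 11.0),
    ("192.0.2.11", 10.0),
    ("198.51.100.5", 3.1), ("198.51.100.5", 12.4),
    ("198.51.100.9", 17.9),
    ("203.0.113.7", 10.5),
    ("203.0.113.8", 19.0),            # no fingerprint recorded
]

def os_family(guess):
    """Collapse a detailed guess ("Windows XP") to its family ("Windows")."""
    return guess.split()[0] if guess and guess != "UNKNOWN" else "unknown"

def spam_sources_by_os(fingerprints, scores, threshold=10.0):
    """Count unique IPs with at least one message scoring >= threshold, per OS family."""
    families = defaultdict(set)
    for ip, guess in fingerprints:
        families[ip].add(os_family(guess))
    spam_ips = {ip for ip, score in scores if score >= threshold}
    counts = Counter()
    for ip in spam_ips:
        seen = families.get(ip, {"unknown"})
        # An IP with more than one family is reported as "mixed", not guessed.
        counts[next(iter(seen)) if len(seen) == 1 else "mixed"] += 1
    return counts

def share(counts, family):
    """Fraction of unique spam-sending IPs attributed to one OS family."""
    total = sum(counts.values())
    return counts[family] / total if total else 0.0

if __name__ == "__main__":
    result = spam_sources_by_os(FINGERPRINTS, SCORES)
    for family, n in result.most_common():
        print(f"{family:8} {n:3}  {share(result, family):.0%}")
```

Counting unique IPs rather than messages keeps one very busy host from dominating the result, and keeping "mixed" and "unknown" as their own buckets avoids crediting ambiguous fingerprints to any one operating system.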

Tyneandthyneagain loses Grand National at Aintree

Tyneandthyneagain becomes the 9th horse to die during the Grand National, and the 32nd horse to die at Aintree in the last 10 years. Tyneandthyneagain suffered a fatal spinal injury and had to be put down.

Only 9 of the 40 horses managed to complete the race.

Please think about this next year when you’re asked to place a bet or join a sweepstake.

Around 375 horses are raced to death every year. Some 30% of these fatalities occur during, or immediately after a race, and result from a broken leg, back, neck or pelvis; fatal spinal injuries; exhaustion; heart attack, or burst blood vessels. The other victims perish from training injuries or are killed after being assessed by their owners as no-hopers.

Under the Gun, Part 2

Last night we finally got around to having our Strugglers Poker Night. Unfortunately I did not do anywhere near as well as in my first poker game!

There were four of us present: myself, Matt, Phil and Simon. We started playing just after 8pm, and stuck to the plan until just after 10pm when we decided the chips were going too slowly and decided to double the ante, blinds and betting limits.

Matt had to leave at about 11.30pm and so we decided we’d allow cashing out, i.e. counting up your chips and taking away the equivalent amount of money. Matt was up by about £2.82!

At around midnight Simon ran out of chips, leaving just Phil and me playing head to head. This was going far too slowly and I was seriously low on chips so I decided it would be best to call it a night at that point. Phil came away with over £4 of profit and so was the clear winner, whereas I was left with a loss of about £2.20!

I did make a few glaring errors later in the night due to being a bit tired and not paying enough attention but other than that I don’t think I played too badly, I was just unlucky.

I hope that we will do it again, but I think we need to change things a little so that the chips go faster. The increased level of betting worked well, but maybe we should look at playing no limit instead (so raises can be any amount)?

By the way, the poker set I bought for the occasion is really quite impressive. The chips are reassuringly heavy, and it came in a nice aluminium case.

A brief trip to Birmingham

A few weeks ago (yes, I suck at blogging on time) I took a brief trip up to Birmingham to visit my parents. I think the last time I was up there was Christmas 2004; I’d missed out last Christmas because of work commitments, and I was under a lot of pressure to make the trip in the break between finishing at Aspective and starting at Venda.

Chalky: The Look

It was a largely uneventful trip but I did get to meet Chalky, my father’s new greyhound. Like most greyhounds he enjoys nothing more than somewhere to lounge about sleeping, but I was surprised by just how placid he is. He didn’t even get up to greet me for about an hour! Isn’t he a cutie?

I boycott freenode

Following an extremely ill-advised and abusive April Fools “joke” by Rob Levin, who basically runs freenode, I have decided that I cannot support a network that condones such behaviour.

My main problem with the “prank” is that it completely disrupted the help channel of another network for a long period of time. In fact the disruption still continues. I don’t think that the people participating in it would see the funny side if it happened to their channels.

The only channel I regularly visited on freenode was #lugradio so this is perhaps not a big deal, but unfortunately by being on the network it does imply a certain level of agreement with its policies.

By the way, it wasn’t even April 1st in most of the world when Levin initiated his “joke”.