List: dshield
Subject: RE: [Dshield] DNS traffic?
From: "William LeRoy" <leroy () commvault ! com>
Date: 2003-08-29 6:39:05
That is the same address that I saw starting in July as well.
I sent mail to the ISP with logs.
Bill LeRoy
CommVault Systems
leroy@commvault.com
-----Original Message-----
From: Doug White [mailto:doug@clickdoug.com]
Sent: Wednesday, August 27, 2003 12:45 AM
To: General DShield Discussion List
Subject: Re: [Dshield] DNS traffic?
These two were easy enough - persistent enough I have the IP numbers
blocked at the perimeter.
======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy:
http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!
----- Original Message -----
From: "Wilfred A. Smith" <wilfred@esprit-omnimedia.com>
To: "'General DShield Discussion List'" <list@dshield.org>
Sent: Tuesday, August 26, 2003 10:26 PM
Subject: RE: [Dshield] DNS traffic?
| Hey, that's the same IP that I'm getting plastered with (in this
| particular case). Can't someone just get in touch with the ISP and
| insist that this user quit it or get off the 'Net?
|
| He taps me once every hour, it seems. Both ports get discarded, but
| it's utterly disturbing how much hostile traffic I'm finding on the
| 'Net. In my case, legitimate traffic is < 1/4 my total!
|
| -----Original Message-----
| From: list-bounces@dshield.org [mailto:list-bounces@dshield.org] On
| Behalf Of George Theall
| Sent: Tuesday, August 26, 2003 10:12 AM
| To: General DShield Discussion List
| Subject: Re: [Dshield] DNS traffic?
|
| On Tue, Aug 26, 2003 at 08:20:11AM -0700, Wilfred A. Smith wrote:
|
| > Am I the only one seeing tons of hits on port 135 from remote port
| > 666, followed by a hit to 1026?
|
| I suspect these are related to Windows Messenger popups. As ISPs have
| begun blocking port 135, popup spam is increasingly targeting UDP
| port 1026. See <http://www.lurhq.com/popup_spam.html>.
|
| The lion's share of the activity I see is from 64.156.39.12,
| dialup-64.156.39.12.Dial1.Denver1.Level3.net. This particular host
| started hitting me in late July and has been continuing to do so
| several times per day for each host I monitor. Now I tarpit it.
|
| George
| --
| theall@tifaware.com
|
| _______________________________________________
| list mailing list
| list@dshield.org
| To change your subscription options (or unsubscribe), see:
| http://www.dshield.org/mailman/listinfo/list
|
|
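
The pattern discussed in this thread (a hit on port 135 followed shortly by a hit on UDP port 1026 from the same source, repeating on a schedule) can be pulled out of drop logs with a small correlation script. This is an added example, not part of any poster's message; the log line format, the 60-second window and the sample addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of dropped-packet log lines; the line format is an assumption.
SAMPLE_LOG = """\
2003-08-26T08:00:01 203.0.113.7:666 -> 192.0.2.10:135 udp
2003-08-26T08:00:02 203.0.113.7:666 -> 192.0.2.10:1026 udp
2003-08-26T08:14:40 198.51.100.23:4312 -> 192.0.2.10:135 tcp
2003-08-26T09:00:03 203.0.113.7:666 -> 192.0.2.10:135 udp
2003-08-26T09:00:05 203.0.113.7:666 -> 192.0.2.10:1026 udp
2003-08-26T09:30:00 198.51.100.99:53 -> 192.0.2.10:1026 udp
this line is not a log entry
"""

LINE_RE = re.compile(
    r"^(\S+) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (tcp|udp)$"
)

def parse(log_text):
    """Yield (time, src, dst, dport, proto) for well-formed lines, skipping the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, _sport, dst, dport, proto = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport), proto

def find_probe_pairs(log_text, window=timedelta(seconds=60)):
    """Map each source to its [(dst, time_of_135_hit, time_of_1026_hit)] pairs."""
    pending = {}  # (src, dst) -> time of the latest unmatched port-135 hit
    pairs = defaultdict(list)
    for ts, src, dst, dport, proto in sorted(parse(log_text)):
        if dport == 135:
            pending[(src, dst)] = ts
        elif dport == 1026 and proto == "udp":
            first = pending.pop((src, dst), None)
            if first is not None and ts - first <= window:
                pairs[src].append((dst, first, ts))
    return dict(pairs)

def repeat_gaps(pairs_for_source):
    """Gaps between successive pairs from one source, to expose a fixed schedule."""
    starts = sorted(first for _dst, first, _second in pairs_for_source)
    return [later - earlier for earlier, later in zip(starts, starts[1:])]

if __name__ == "__main__":
    for src, hits in find_probe_pairs(SAMPLE_LOG).items():
        print(src, len(hits), "pairs; gaps:", [str(g) for g in repeat_gaps(hits)])
```

Sources that produce many pairs at a near-constant gap are the ones worth reporting to the ISP or blocking at the perimeter.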