Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scans from proxyprotector.com

From: "Kurt Seifried" <kurt () seifried org>
Date: Tue, 20 May 2003 04:11:13 -0700
If you people haven't figured this out by now it's a large scale spammer
looking for open relays. The scans started on my systems on May 4, 2003 (on
live systems and in dead IP space). They have continued, HEAVILY (i.e. still
beating on IP's that are not in use and have no response). The ISP
(race.com) has undoubtedly been contacted by numerous people (email and
phone). The ISP has not taken action (last scan was <12 hour ago, again a
very heavy scan). It's pretty obvious the ISP is complicit due to complete
lack of action, over the source of several weeks now.

My advice: simply block 64.201.96.0/20 until the scans stop.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: