[Dshield] DNS traffic?
leroy at commvault.com
Fri Aug 29 06:39:05 GMT 2003
That is the same address that I saw starting in July as well.
I sent mail to the ISP with logs.
leroy at commvault.com
From: Doug White [mailto:doug at clickdoug.com]
Sent: Wednesday, August 27, 2003 12:45 AM
To: General DShield Discussion List
Subject: Re: [Dshield] DNS traffic?
These two were easy enough - persistent enough I have the IP numbers
blocked at the perimeter.
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy:
If you are not satisfied with my service, my job isn't done!
----- Original Message -----
From: "Wilfred A. Smith" <wilfred at esprit-omnimedia.com>
To: "'General DShield Discussion List'" <list at dshield.org>
Sent: Tuesday, August 26, 2003 10:26 PM
Subject: RE: [Dshield] DNS traffic?
| Hey, that's the same IP that I'm getting plastered with (in this
| particular case). Can't someone just get in touch with the ISP and
| insist that this user quit it or get off the 'Net?
| He taps me once every hour, it seems. Both ports get discarded, but
| it's utterly disturbing how much hostile traffic I'm finding on the
| 'Net. In my case, legitimate traffic is < 1/4 my total!
| -----Original Message-----
| From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
| Behalf Of George Theall
| Sent: Tuesday, August 26, 2003 10:12 AM
| To: General DShield Discussion List
| Subject: Re: [Dshield] DNS traffic?
| On Tue, Aug 26, 2003 at 08:20:11AM -0700, Wilfred A. Smith wrote:
| > Am I the only one seeing tons of hits on port 135 from remote port
| > followed by a hit to 1026?
| I suspect these are related to Windows Messenger popups. As ISPs have
| begun blocking port 135, popup spam is increasingly targetting UDP
| port 1026. See <http://www.lurhq.com/popup_spam.html>.
| The lion's share of the activity I see is from 126.96.36.199,
| dialup-188.8.131.52.Dial1.Denver1.Level3.net. This particular host
| started hitting me in late July and has been continuing to do so
| several times per day for each host I monitor. Now I tarpit it.
| theall at tifaware.com
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list