[Dshield] DNS traffic?

William LeRoy leroy at commvault.com
Fri Aug 29 06:39:05 GMT 2003


That is the same address that I saw starting in July as well.
I sent mail to the ISP with logs.


Bill LeRoy
CommVault Systems
leroy at commvault.com



-----Original Message-----
From: Doug White [mailto:doug at clickdoug.com] 
Sent: Wednesday, August 27, 2003 12:45 AM
To: General DShield Discussion List
Subject: Re: [Dshield] DNS traffic?


These two were easy enough - persistent enough I have the IP numbers
blocked at the perimeter.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy:
http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Wilfred A. Smith" <wilfred at esprit-omnimedia.com>
To: "'General DShield Discussion List'" <list at dshield.org>
Sent: Tuesday, August 26, 2003 10:26 PM
Subject: RE: [Dshield] DNS traffic?


| Hey, that's the same IP that I'm getting plastered with (in this 
| particular case).  Can't someone just get in touch with the ISP and 
| insist that this user quit it or get off the 'Net?
|
| He taps me once every hour, it seems.  Both ports get discarded, but 
| it's utterly disturbing how much hostile traffic I'm finding on the 
| 'Net.  In my case, legitimate traffic is < 1/4 my total!
|
| -----Original Message-----
| From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On 
| Behalf Of George Theall
| Sent: Tuesday, August 26, 2003 10:12 AM
| To: General DShield Discussion List
| Subject: Re: [Dshield] DNS traffic?
|
| On Tue, Aug 26, 2003 at 08:20:11AM -0700, Wilfred A. Smith wrote:
|
| > Am I the only one seeing tons of hits on port 135 from remote port
| 666,
| > followed by a hit to 1026?
|
| I suspect these are related to Windows Messenger popups.  As ISPs have

| begun blocking port 135, popup spam is increasingly targetting UDP 
| port 1026.  See <http://www.lurhq.com/popup_spam.html>.
|
| The lion's share of the activity I see is from 64.156.39.12, 
| dialup-64.156.39.12.Dial1.Denver1.Level3.net.  This particular host 
| started hitting me in late July and has been continuing to do so 
| several times per day for each host I monitor. Now I tarpit it.
|
| George
| --
| theall at tifaware.com
|
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
|
|

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list