[Dshield] RE: list Digest, Vol 16, Issue 11

msidner matthew.sidner at prodigy.net
Fri Apr 9 12:30:29 GMT 2004

Actually, its not your ISP, its your ISP's customers doing this. I'm
seeing the same thing in bulk from Wideopenwest's IP blocks, and
according to the Sans Internet Storm Center this appears to be a new
worm that they're looking for the code on. I think thus far since this
began (about a week ago), I've submitted some 20k lines of logs from
different Wideopenwest domains. I submitted my logs to both dshield and
WOW's abuse email address, but have received no response from
Wideopenwest. Basically if you're firewalled, just hunker down and don't
worry about it, though it has become annoying nearly to the point of a
DOS at times when a large group of them hit.

Matthew W. Sidner

Message: 1
Date: Fri, 9 Apr 2004 00:36:41 -0400
From: "Steve" <itmanager at rjl-pensions.com>
Subject: [Dshield] What is my ISP doing? 
To: "'General DShield Discussion List'" <list at lists.dshield.org>
Message-ID: <200404090441.i394fpi16788 at dshield.com>
Content-Type: text/plain; charset="windows-1252"

I recently have been receiving certain incoming probes from my ISP, or
what I think is my ISP, RoadRunner.

Can anyone help me understand this?



Here is a sample incase the .txt file doesn't go through.

More information about the list mailing list