[nsp-sec] Ping: Google/GMail
Seth Hall
seth at net.ohio-state.edu
Thu Feb 28 23:42:11 EST 2008
On Feb 28, 2008, at 4:54 PM, John Fraizer wrote:
> Looks like 81.199.0.0/16 is eat up, huh?
> Seth, are you seeing similar?
Yep.
After checking activity against our webmail server with the ASNs
Krista mentioned, I found a compromised account here that had been
logged into from the following addresses today, it matches what you
were seeing on 81.199.0.0/16 too.
3352 | 80.30.243.77 | TELEFONICA-DATA-ESPANA Internet Access
Network of TDE
12491 | 81.199.43.174 | IPPLANET-AS IPPlanet
12491 | 81.199.48.147 | IPPLANET-AS IPPlanet
12491 | 81.199.172.188 | IPPLANET-AS IPPlanet
22351 | 80.255.59.243 | INTELSAT Intelsat Global BGP Routing Policy
Thanks for the naughty webmailers AS list Krista!
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the nsp-security
mailing list