[nsp-sec] Ping: Google/GMail

[John Fraizer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I have confirmed compromises from 81.199.0.0/16.  Thus far, I've got 81.199.89.139 and 81.199.84.132.

I'm trying to get some more details as I only have the apache logs from one webmail platform thus far.

John


John Fraizer wrote:
> ----------- nsp-security Confidential --------
> 
> Krista,
> 
> Please do share as much as you have.  I'm working now on getting the logs for our customer portal and webmail platforms.  Anything you might have that I can contrast
> against is helpful though.
> 
> John
> AS11456 | AS6981
> 
> Krista Hickey wrote:
>> ----------- nsp-security Confidential --------
> 
>> On Feb 28, 2008, John Fraizer wrote:
> 
>>> Looks like 81.199.0.0/16 is eat up, huh?
>> To be fair to AS 12491 they wrote me yesterday saying they had a
>> complaint from their client at 81.199.224.200/29 and I can't find any
>> instance of abuse from that particular range, that said I'm kinda
>> scratching my head as to why a netblock allocated to Israel is
>> complaining about being unable to access our webmail when we've not
>> received a single complaint from a customer so I'm continuing to drop
>> the entire /16 until they respond to my concerns about the rest of their
>> block. Appreciate any info if any of you have seen evil from
>> 81.199.224.200/29 in particular.
> 
>> Krista
>> 7992
> 

_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFHyCmu+16lRpJszIgRAsF/AJ9gten4xbwKDKMj2NYP5QWUwf0spgCdF9PC
CVWMx7xUZUVJHqFwO9cQi+E=
=xqua
-----END PGP SIGNATURE-----