[outages] New Chinese netblock attacking

Todd Lyons tlyons at ivenue.com
Mon Dec 5 11:27:31 EST 2011


I guess it was predictable.  I knew the last of the /8's had been
handed out to the RIR's, but this is the first traffic I've actually
seen from 1/8.  And it is?  A hacked smtp auth mailbox.  <sigh>

Hacked mailbox detection:
Dec  4 -> 3.0 mailbox pjohnson at OBFUSCATED.com: (24)
 1.195.171.240 => 4
 1.195.188.84 => 1
 1.195.190.106 => 12
 1.195.190.164 => 12
 1.195.191.142 => 7
 1.195.191.236 => 1
<snip>

Another 0wned Windows box I guess.  No real question, just pointing
out that traffic is being sourced from some legacy /8's.  If you're
still running a bogon filter with static entries of legacy /8's, you
are probably blocking legitimate traffic.  Update your bogons.

Regards...       Todd
-- 
If Americans could eliminate sugary beverages, potatoes, white bread,
pasta, white rice and sugary snacks, we would wipe out almost all the
problems we have with weight and diabetes and other metabolic
diseases. -- Dr. Walter Willett, Harvard School of Public Health
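
An added example, not part of the original post: one way to audit a static bogon list against observed source addresses and report entries that now cover routable space such as 1/8. The bogon list, the function names and the two non-1/8 sample addresses are constructed for illustration; the 1.195.x.x addresses are taken from the log above.

```python
import ipaddress

# Constructed example of a stale static bogon list: special-purpose ranges
# mixed with legacy /8 entries that were unallocated when it was written.
STATIC_BOGONS = ["0.0.0.0/8", "1.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                 "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
                 "224.0.0.0/3"]

# Ranges reserved for special use; these remain valid edge-filter entries.
SPECIAL_PURPOSE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3")]


def matching_entry(ip, prefixes):
    """Return the most specific prefix in `prefixes` containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, prefixes) if addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


def audit(source_ips, static_bogons=STATIC_BOGONS):
    """Map each stale bogon entry to the observed source IPs it would drop."""
    stale = {}
    for ip in source_ips:
        entry = matching_entry(ip, static_bogons)
        if entry is None:
            continue  # not filtered at all
        # An entry is still a legitimate bogon only if it sits inside a
        # special-purpose range; otherwise it blocks allocated space.
        if not any(entry.subnet_of(s) for s in SPECIAL_PURPOSE):
            stale.setdefault(str(entry), []).append(ip)
    return stale


# First two addresses are from the post; the last two are constructed.
OBSERVED = ["1.195.171.240", "1.195.190.106", "10.1.2.3", "198.51.100.7"]

if __name__ == "__main__":
    for entry, ips in audit(OBSERVED).items():
        print(f"stale bogon entry {entry} would drop: {', '.join(ips)}")
```
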


