RE: Increase in traffic to/from DSL subs since August?
Improperly patched machines infected with Nachi (aka Welchia) have been noted transmitting in excess of 500,000 ICMP echo requests via Class B alphabet lookups per hour. The one characteristic of Nachi that simplifies the identification of the infected machines is the fact that each of these echo requests are 92 byte pings. Any monitoring tools or packet sniffers configured to look for these 92 byte pings will greatly simplify the identification of the specific source addresses. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Suresh Ramasubramanian Sent: Thursday, November 20, 2003 9:27 PM Cc: [EMAIL PROTECTED] Subject: Re: Increase in traffic to/from DSL subs since August? Steven M. Bellovin writes on 11/20/2003 4:28 PM: At the IETF Plenary, Bernard Aboba showed a graph of spam, with a marked uptick since SoBig.F in August. My guess is worm-deposited spam relays, though Joel's guess of Nachi or Welchia can't be ruled out, either, without flow data. A ballpark estimate from a couple of friends who run small cable ISPs in India, and from a look at our mailserver log stats, says that yes, this is mostly because of open proxies and trojans infecting unpatched windows machines on broadband. Swen, MiMail and Jeem.mail.pv seem to be the worst offenders wrt spamming trojans, right now. Nachi and Welchia are almost as bad. I'd say blame can be split equally between the two. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
RE: Sobig.f surprise attack today
http://xforce.iss.net/xforce/alerts/id/151 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Randy Neals (ORION) Sent: Friday, August 22, 2003 2:54 PM To: 'Omachonu Ogali'; 'Todd Mitchell - lists' Cc: [EMAIL PROTECTED] Subject: RE: Sobig.f surprise attack today Where does one get hold of The List to know if your on it. I've read many of the briefing/press releases put out by the anti-virus companies but they all seem to be witholding the list of master servers. -R -Original Message- Behalf Of Omachonu Ogali Sent: August 22, 2003 2:46 PM If you're responsible for any of the IPs on the list, better permanently remove them from your DHCP pools, IP assignments, dial-up pools, or anything else that assigns IP addresses, because these will be filtered and forgotten for the next 200 years.
AOL Mail Blocking
Anyone notice any issues that began today regarding AOL blocking mail servers? Gary Attard Director Network Operations Center Invision.com Inc. http://www.invision.net Phone: (631) 543-1000 x306 Fax: (631) 864-8896 E-Mail: [EMAIL PROTECTED]
RE: Postini's network.
There is currently an AT T OC192 down from St Louis to San Francisco (Big Pipe: OC-192=9.952 Gbps) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Drew WeaverSent: Wednesday, July 16, 2003 4:29 PMTo: '[EMAIL PROTECTED]'Subject: Postini's network. Is anyone else having trouble reaching postini? Tracing route to coax.net.coax.mail1.psmtp.com [12.158.34.245] over a maximum of 30 hops: 1 1 ms 1 ms 1 ms gateway.cmh.ee.net [209.190.0.1] 2 1 ms 1 ms 1 ms letmeout.thenap.com [206.222.25.1] 3 1 ms 1 ms 1 ms 209.51.192.18 4 2 ms 2 ms 2 ms 66-162-176-5.gen.twtelecom.net [66.162.176.5] 5 1 ms 2 ms 2 ms dist-02-ge-3-2-0-0.clmb.twtelecom.net [66.192.24 1.213] 6 17 ms 18 ms 16 ms core-02-so-1-3-0-0.nycl.twtelecom.net [66.192.24 1.1] 7 17 ms 17 ms 18 ms 66.192.240.38 8 17 ms 17 ms 17 ms 66.192.252.246 9 18 ms 18 ms 18 ms tbr1-p011601.n54ny.ip.att.net [12.123.1.122] 10 57 ms 58 ms 58 ms tbr1-p013801.cgcil.ip.att.net [12.122.10.50] 11 * I was delivering mail to them fine until 2:35pm. Thanks, -Drew
RE: Postini's network.
AT T Master Trouble Ticket is 1537072 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jerry B. Altzman Sent: Wednesday, July 16, 2003 4:52 PM To: Darren Bolding Cc: 'Drew Weaver'; [EMAIL PROTECTED] Subject: Re: Postini's network. Darren Bolding wrote: There appears to have been some difficulty inside ATT's network the last few minutes. It appears to have been resolved. I don't have a master-ticket number or such yet. Try 201975 --D //jbaltz -- jerry b. altzman[EMAIL PROTECTED]+1 646 230 8750 Thank you for contributing to the heat death of the universe.
Wanted: Liebert AC Unit
I realize this is not necessarily the most appropriate forum to search for a used five(5) or ten(10) ton Liebert AC Unit but it may be the most effective. I am looking for a used 5 and 10 ton unit for raised floor Data Center - anyone know of any recently closed Data Centers looking to liquidate? Gary Attard-Director of Technical Support Invision.com Inc. http://www.invision.com Phone: (631) 543-1000 x306 Fax: (631) 964-8896 E-Mail: [EMAIL PROTECTED]
