Etaoin Shrdlu wrote:

>Well, I'm stumped. I mean, really stumped.
>
>I've had a host scanning my network for the past three days, and it
>initially looked like one of the automated scans we've all become so
>familiar with (unfortunately). Naturally, the automatic defense was
>engaged, and I thought that would be the end of it. Nope.
>
>It continues to send SYN packets, and although it's dropped off in attacks
>to the other machines, it still pounds at the doors of two of them. Those
>two machines have a couple of things in common: they are both running BIND
>9, and are both OpenBSD {mumble}.
>
>I've sent email off to the RIPE contacts for the IP (195.250.227.226), and
>to the WHOIS contacts for the domain (ocem.com), and to [EMAIL PROTECTED] as
>well. Nothing. If I take off the null routing on either of those machines,
>it immediately starts hammering at them, with no signs of cessation. I have
>considered just letting it finish, but I'm more concerned that there's a
>new variant on this moronic scan that doesn't know when to quit. I suspect
>that the continuation is because they are DNS servers, since I took the
>blocking off of one of the other machines also running OpenBSD, and the
>scanning did not resume (although I had expected it to).
>
>I'm at a loss. If anyone knows Italian (I don't), and can contact one of:
>
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>
>or anyone at ocem.com, please, let them know that the machine is
>compromised, and that they need to take it off line, and clean it up.
>
>TIA and all that.
>
>--
>There are two ways, my friend, that you can be rich in life.
>One is to make a lot of money and the other is to have few needs.
>
>William Sloane Coffin, "Letters to a Young Doubter"
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>

I'm Italian; if you want, send me the text of the email for:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

and I will take care of the translation myself.

Regards
Vania