Unless, I missed the posts about this,.. I just
(and still am experiencing) a distributed spam
attack.
We get these almost continually
Yep... same here.
it is incredibly depressing to look at the logs. Backup-only MX here
see upwards of 10K messages on bad days, mostly attacks
It'd
be cheaper to move the entire carrier hotel to the safe area and forget
having offsite power.
Exactly!
If you are going to solve the redundant services problem (power and
cooling) with some kind of regional power and cooling network, then it
makes sense to cluster the various
We just recently started using GatewayDefender's Business service. So far,
I've only received about 1 or 2 spam a day -- down from nearly 40-60. Not
bad in my estimation.
(http://www.gatewaydefender.com)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
for all incident watchers:
[Update 20/11/2002 12:30] At this moment the ICT-heart of the university of
Twente is burning. The so-called TWRC-building houses the central systems of
the university, all servers and PCs will be lost and various affiliated
institutes are without Internet
It *still* does some wonky stuff with secondaries, so I might have to
buy (grumble) their services as secondary MX spooling.
We have started distribiting the list of valid addresses to secondary MX
servers to reduce the store and forward load of dictionary attacks on
those servers. Using a
Hi,
#Here is the kicker. I check where these are coming from, they
#are from all over the place. I check for IP address spoofing...
#not happening. No IP options or TCP options.
#
#This came from like about 300 different networks, and yes
#I don't accept source routing (IP Options).
In addition
As some of you have noticed, the BGP4 route containing the address for
route-views.oregon-ix.net has disappeared a while ago (mid-October?).
Their website seems to be gone, and I swear, I couldn't resolve
the domain for a little while just now. Has the Oregon IX been shut down?
Their
Kai,
i'm not sure about the dns for the domain (i suspect the
appropriate people are at ietf.. infact i know i saw their faces
on the mcast stream) but you can reach it by ip.
198.32.162.100
- jared
On Wed, Nov 20, 2002 at 12:50:34PM -0500, Kai Schlichting
--On Wednesday, November 20, 2002 9:40 AM -0800 Joe St Sauver [EMAIL PROTECTED] wrote:
[I will also say that it would really be great if mail-abuse.org would
add an open proxy listing project to complement their RSS, DUL, and
other initiatives.]
They go on the RBL - largely due to the
On 11/20/2002 at 12:40 PM, [EMAIL PROTECTED] wrote:
In addition to thousands of open relays, which are bad enough in
their own right, there are also thousands of open proxy servers
which a growing number of spammers have been using to launch spam
runs lately. I suspect that's what you're
There is a second one as well which is 198.32.162.102. Its a little more
responsive, but with less peers.
---Mike
At 01:04 PM 20/11/2002 -0500, Jared Mauch wrote:
Kai,
i'm not sure about the dns for the domain (i suspect the
appropriate people are at ietf.. infact i
9/11 showed us that, despite the relatively concentrated POPs in NYC,
the
Internet was still the only communications medium that survived the
attack --and it was largely unaffected, even for users located in NYC
itself!
Does of us who where providing emergency transit to providers that
where
route-views is up happy -
route-views.oregon-ix.net
see:
http://www.routeviews.org/
Lucy E. Lynch Academic User Services
Computing CenterUniversity of Oregon
[EMAIL PROTECTED] (541) 346-1774/Cell: 912-7998
On Wed, 20 Nov 2002,
I was getting dns resolver errors earlier back.
(like the zone expired)
it appears someone fixed something since.
- jared
On Wed, Nov 20, 2002 at 06:35:59PM +, Stephen J. Wilcox wrote:
telnet to the domain works fine from here?
confirm you have it
It's definitely there..
Non-authoritative answer:
Name:route-views.oregon-ix.net
Address: 198.32.162.100
route-views.oregon-ix.netsh ip bgp sum
BGP router identifier 198.32.162.100, local AS number 6447
BGP table version is 5314229, main routing table version 5314229
125745 network entries
telnet to the domain works fine from here?
confirm you have it correct- route-views.oregon-ix.net
On Wed, 20 Nov 2002, Mike Tancsa wrote:
There is a second one as well which is 198.32.162.102. Its a little more
responsive, but with less peers.
---Mike
At 01:04 PM
I too was seeing DNS timeouts on the servers I was asking.
---Mike
At 01:37 PM 20/11/2002 -0500, Jared Mauch wrote:
I was getting dns resolver errors earlier back.
(like the zone expired)
it appears someone fixed something since.
- jared
On Wed, Nov
Barney Wolff wrote:
...
But it would be quite foolish to underestimate the
capability of any large group, sufficiently motivated, to inflict
massive damage.
I agree. Never underestimate power of a fringe lunatic group to
cause harm. Now, I am going to go out on a thin limb and
ask the
bind problem...
joelja
On Wed, 20 Nov 2002, Lucy E. Lynch wrote:
route-views is up happy -
route-views.oregon-ix.net
see:
http://www.routeviews.org/
Lucy E. Lynch Academic User Services
Computing Center University of Oregon
pay no attention to that man behind the curtain.
Lucy E. Lynch Academic User Services
Computing CenterUniversity of Oregon
[EMAIL PROTECTED] (541) 346-1774/Cell: 912-7998
On Wed, 20 Nov 2002, Mike Tancsa wrote:
I too was seeing
As some of you have noticed, the BGP4 route containing the address for
route-views.oregon-ix.net has disappeared a while ago (mid-October?).
Their website seems to be gone, and I swear, I couldn't resolve
the domain for a little while just now. Has the Oregon IX been shut down?
As others
[EMAIL PROTECTED] wrote:
As some of you have noticed, the BGP4 route containing the address for
route-views.oregon-ix.net has disappeared a while ago (mid-October?).
Their website seems to be gone, and I swear, I couldn't resolve
the domain for a little while just now. Has the Oregon
Rajendra G. Kulkarni wrote:
I agree. Never underestimate power of a fringe lunatic group to
cause harm. Now, I am going to go out on a thin limb and
ask the following: When Experts say,
don't dismiss cyberattack warning, what can somebody like
me (just a regular user) or for that matter
Kurt == Kurt Erik Lindqvist [EMAIL PROTECTED] writes:
Kurt I am not sure what you mean with 25% of the Internet? What
Kurt connectivity would degrade? From where to where?
If you randomly select nodes to remove, by the time you have removed
25% of them, the network breaks up into
Well said - the radical elements get a lot more bang for their buck with
well placed media stories, than they would ever likely get from a cyber
attack on the Internet. The one point to consider is that there are
critical networks for the economy that run on shared infrastructure also
used by
Kurt I am not sure what you mean with 25% of the Internet? What
Kurt connectivity would degrade? From where to where?
If you randomly select nodes to remove, by the time you have removed
25% of them, the network breaks up into many isolated islands. As Sean
Well, depending on
NANOG,
Wouter van Hulten wrote:
[Update 20/11/2002 12:30] At this moment the ICT-heart of the university of
Twente is burning. The so-called TWRC-building houses the central systems of
the university, all servers and PCs will be lost and various affiliated
institutes are without Internet
I have been wrestling with their Postmaster contact staff (via phone, and
the email black holes at [EMAIL PROTECTED] and [EMAIL PROTECTED]) for over a
week now. I need some sort of resolution, or anything other than Your case
is open. Someone somewhere will do something. Someday.
If anyone
William Waites wrote:
Taking the fear mongering and sabre rattling too seriously is much
more dangerous than any possible network outage.
-w
The context may be different, however, the following two stories tell yet
other sides
of cyber security problem. In this case, it is not the net
Dave Clark, Sean Donelan and I will be briefing the National Research
Council report on
how the Internet handled the events of 9/11/2001 on Thursday morning.
The report is
available on-line this evening and the briefing will be webcast.
For more details see www.nas.edu
Thanks!
Craig
Perhaps something I've mised, but is ARIN.Net no longer handling
lookups? I usually use them to find offending users but got this
when doing a lookup.
No match for 64.124.168.60
Thanks in Advance off on on list.
-Joe
Worked for me:
[mlyon@fitzharris mlyon]$ whois -h whois.arin.net 64.124.168.60
[whois.arin.net]
OrgName:Abovenet Communications, Inc
OrgID: ABVE
NetRange: 64.124.0.0 - 64.125.255.255
CIDR: 64.124.0.0/15
NetName:ABOVENET
NetHandle: NET-64-124-0-0-1
Parent:
Thanks All for the response.
Looks like the web interface (www.arin.net) is the problem.
Thanks again!
33 matches
Mail list logo