* Avleen Vig ([EMAIL PROTECTED]) [030124 23:50] writeth:
>
>It seems we have a new worm hitting Microsoft SQL server servers on port
>1434.
Affirmative. Be sure to block 1434 UDP on both the inbound and the
outbound. Infected servers are VERY NOISY.
At 01:32 AM 1/25/2003, you wrote:
It seems we have a new worm hitting Microsoft SQL server servers on port
1434.
Agreed... shutting down MSSQL stopped the flood here; now to find it and
remove it
It is global.
01:42:04.040462 194.87.13.21.1812 > x.x.x.x.1434: rad-account-req
376 [id 1] Attr[ User User User User User User User User User User User
User User User User User User User User User User User User User User User
User User User User User User User [|radius]
That is the traffic..
I am seeing similar traffic loads on my network at this hour, one of our
MS SQL servers seemed to be sending a large amount of traffic out to the
Internet. Still looking into it but too similar for me to avoid sending
an e-mail.
-
Kevin Welch
Same here. We first saw what looked like a DoS at about
09:00 PST. We're seeing strange stuff all over the place.
-jr
* hc <[EMAIL PROTECTED]> [20030124 22:35]:
>
> I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as
> well.
>
> -hc
>
Okay this is getting bad.. one of our routers just locked up from udp
1434's. Can't even telnet to it now.
-hc
Joel Perez wrote:
My firewalls are going nuts with hits on UDP port 1434 also from everywhere!
-Original Message-
From: Aaron Burnett [mailto:[EMAIL PROTECTED]]
Sent: Sa
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
>
> I dunno about that. But, I am seeing, in the last couple hours, all kinds
> of new traffic.
>
> like, customers who never get attacked or anything, all of a sudden:
>
> http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.ht
We just had a box inside one of my customer's networks start sending tons
of small packets, not sure what kind yet.
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
>
> I dunno about that. But, I am seeing, in the last couple hours, all kinds
> of new traffic.
>
> like, customers who never get attac
At 01:29 AM 1/25/2003, you wrote:
I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as well.
Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
Looks like we may have a winner for DDoS of the year (so far)
It seems we have a new worm hitting Microsoft SQL server servers on port
1434.
I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as
well.
-hc
Joel Perez wrote:
I am also seeing increased traffic on my network. It has gotten so bad for one of my edge routers that I can't telnet into it.
But I am on Qwest and GBLX.
-Original Message-
From: Al
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
>
> I dunno about that. But, I am seeing, in the last couple hours, all kinds
> of new traffic.
>
> like, customers who never get attacked or anything, all of a sudden:
>
> http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-38
I dunno about that. But, I am seeing, in the last couple hours, all kinds
of new traffic.
like, customers who never get attacked or anything, all of a sudden:
http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
We are seeing this on ports all across our network
Anyone seeing routing problems with Level3 at this hour? I just
witnessed tons of prefixes behind level3's network withdraw. Any
information on what is happening (if you know) would be great. Thanks!
-hc
One more follow-up worth mentioning: I was able to contact SimpleNet (aka
Yahoo! Servers) today and in short order, and very responsibly, they quickly
added rDNS for me. Kudos to Raaf and company, thanks guys!
-Jim P.
> -Original Message-
> From: Jim Popovitch [mailto:[EMAIL PROTECTE
On Fri, 24 Jan 2003 19:16:55 -0500 (EST) Sean Donelan <[EMAIL PROTECTED]> wrote:
> Doesn't anyone else find it funny when people scream that ISPs should
> block ports and shoot people with misconfigured systems; yet when
> an ISP actually does enforce even a modest requirement; people start
> scre
Perhaps, continuing the off-topic thread...
The best compression techniques that do not use block-based methods (as
in MPEG-2/4) can achieve much better compression capabilities than
listed below and in the other follow-on thread. For an excellent
overview of what this may do for video on demand
Once upon a time, Jack Bates <[EMAIL PROTECTED]> said:
> I'm hoping that more large ISP's will make valid reverses a requirement.
> Everyone will conform to meet what the largest user bases require and allow
> the smaller guys who want to revamp able to safely do so. This is the
> standard premise
From: "Sean Donelan"
> Doesn't anyone else find it funny when people scream that ISPs should
> block ports and shoot people with misconfigured systems; yet when
> an ISP actually does enforce even a modest requirement; people start
> screaming how unfair or stupid that ISP is for doing that.
>
I
> Rejecting on broken or non-existing DNS will probably reject mail from
> more than 15% of all mail servers on the Internet - guaranteeing a
> false positive rate not even matched by the combined 6 DNSBL's I
> use - cumulative and with hard 5xx rejects. AT&T on the other hand,
> will us
No kidding, dude. I've only been keeping track for a few weeks. Is
anyone awake behind the wheel over there?
matt@pants:~$ mysql -e 'select count(relayi) from logged where relayi
like "12.%" ' spam
+---+
| count(relayi) |
+---+
| 249 |
+---+
matt@
Just a small thank you-note to all the 27(!) people who responded to me
privately with the information I needed. The issue has now been
resolved, so my compliments to the very helpful guys at Qwest who got
this quickly sorted out as well.
/leg
On Fri, 2003-01-24 at 11:36, Lars Erik Gullerud wro
On 1/24/2003 at 2:40 AM, [EMAIL PROTECTED] wrote:
> Chris at UUNet helped determine this is a rDNS issue. att.net seems to have
> started rejecting email from mail servers that don't have a proper reverse
> DNS entry. This is a good thing, even though it is causing me some problems
> at the mome
I've been bombarded for weeks now by attempts to relay spam from
Mosaic Data Solutions, an Exodus customer.
Logs and complaint sent to [EMAIL PROTECTED] yielded, surprisingly,
nothing.
I've nullrouted all their blocks, (thanks rwhois.exodus.net!) but the
inbound SYNs keep coming. They've been a
Several folks have asked me for a list of who is participating at the
Peering BOF VI at NANOG. Here is a list of who I have so far:
Steve Schecter Net Access Corp AS8001
Chris Malayter TDS Telecom AS4181
Celeste Anderson USC/ISI AS226
Daniel Golding
One of my clients is having this exact problem as we speak. Their MX record lists the
correct domain name and IP but when they send mail out, the domain name stays the same
but the IP is different. The public IP, not the MX record IP, gets associated to the
email. I'm wondering if is the cau
Sorry, slightly off topic, but they seem to serve quite a
large number of domains.
Is anyone having problems reaching domains with EveryDNS hosted name servers? It appears even their offsite
machines are not responding.
---
Michael Damm, MIS Department, Irwin Research &
Development
On Fri, 24 Jan 2003, Jim Popovitch wrote:
>
> Chris at UUNet helped determine this is a rDNS issue. att.net seems to have
> started rejecting email from mail servers that don't have a proper reverse
> DNS entry. This is a good thing, even though it is causing me some problems
> at the moment. Th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NANOG,
I am trying to get a hold of a sales/marketing contact at the
Ameritech NAP in Chicago. My previous contact is apparently no
longer employed by SBC/Ameritech. Does anyone have a contact that I
can use? I would check www.aads.net, but it
> Does anyone have a working NOC contact for SuperNet Inc., AS3908? Or if
> they are now perhaps owned by some other entity (All traces seem to end
> up in Qwest.net), who might that be, and how can we get in touch with
> them?
>
> The issue is that 3908 is incorrectly announcing five /24's an
This report has been generated at Fri Jan 24 21:45:50 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table Hist
Does anyone have a working NOC contact for SuperNet Inc., AS3908? Or if
they are now perhaps owned by some other entity (All traces seem to end
up in Qwest.net), who might that be, and how can we get in touch with
them?
The issue is that 3908 is incorrectly announcing five /24's and a /22
with