Country of Origin for Malicious Attacks

2003-06-25 Thread sgorman1
I was wondering if folks had noticed any trends with malicious network attacks predominantly originating from any individual or group of countries. Any observations, comments or help would be greatly appreciated. Thanks, sean

RE: Country of Origin for Malicious Attacks

2003-06-25 Thread netadm
Outside of the U.S., I'll nominate France and the Pacific Rim countries. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 11:58 AM To: [EMAIL PROTECTED] Subject: Country of Origin for Malicious Attacks I was wondering if folks had no

RE: Country of Origin for Malicious Attacks

2003-06-25 Thread Scott Weeks
My observations lately concur with that. .fr .cn .kr (and a sprinkling of .nl) with .fr way in the lead here. :-( scott On Wed, 25 Jun 2003, netadm wrote: : : Outside of the U.S., I'll nominate France and the Pacific Rim : countries. : : -Original Message- : From: [EMAIL PROTEC

Re: Country of Origin for Malicious Attacks

2003-06-25 Thread Adam Debus
We've also had a high amount of attacks from .de and .it. Thanks, Adam Debus Linux Certified Professional, Linux Certified Administrator #447641 Network Administrator, ReachONE Internet [EMAIL PROTECTED] - Original Message - From: "Scott Weeks" <[EMAIL PROTECTED]> To: "netadm" <[EMAIL P

Re: Country of Origin for Malicious Attacks

2003-06-25 Thread Scott A. McIntyre
Hi, : I was wondering if folks had noticed any trends with malicious network : attacks predominantly originating from any individual or group of : countries. Any observations, comments or help would be greatly : appreciated. As I'm sure will be mentioned a few dozen times by the time this messa

Latency generator?

2003-06-25 Thread Temkin, David
Does anyone know of any free, cheap, or potentially rentable latency generators? Ideally I'd like something that just sits between two ethernet devices to induce layer 2/3 latency in traffic, but am open to any options... David Temkin S-I-G 401 City Avenue Bala Cy

RE: Country of Origin for Malicious Attacks

2003-06-25 Thread McBurnett, Jim
Sean, of the scans I get and have seen.. 60% APNIC region Most notably- Taiwan, China, and Korea (north) 20% RIPE Most notable- Former Soviet Bloc nations then Scandinavian countries... 20% ARIN/LACNIC This is a rough estimate from the last 3 weeks...

Re: Latency generator?

2003-06-25 Thread Rick Ernst
FreeBSD and DUMMYNET? On Wed, 25 Jun 2003, Temkin, David wrote: :>Does anyone know of any free, cheap, or potentially rentable latency :>generators? Ideally I'd like something that just sits between two ethernet :>devices to induce layer 2/3 latency in traffic, but am open to any :>options...

Re: Latency generator?

2003-06-25 Thread Kevin Oberman
> From: "Temkin, David" <[EMAIL PROTECTED]> > Date: Wed, 25 Jun 2003 12:48:29 -0400 > Sender: [EMAIL PROTECTED] > > Does anyone know of any free, cheap, or potentially rentable latency > generators? Ideally I'd like something that just sits between two ethernet > devices to induce layer 2/3 late

Re: Latency generator?

2003-06-25 Thread David G. Andersen
On Wed, Jun 25, 2003 at 12:48:29PM -0400, Temkin, David quacked: > Does anyone know of any free, cheap, or potentially rentable latency > generators? Ideally I'd like something that just sits between two ethernet > devices to induce layer 2/3 latency in traffic, but am open to any > options... D

Re: Latency generator?

2003-06-25 Thread Bradley Dunn
Temkin, David wrote: Does anyone know of any free, cheap, or potentially rentable latency generators? Ideally I'd like something that just sits between two ethernet devices to induce layer 2/3 latency in traffic, but am open to any options... NIST Net: http://snad.ncsl.nist.gov/itg/nistnet/ Br

Re: Country of Origin for Malicious Attacks

2003-06-25 Thread sgorman1
Thanks for all the replies. I was not sure how to tackle the origin problem, so I figured I'd leave it wide open. Both origin as seen by the network, prima facie, and origin as traced through proxies etc. are useful. Please send along either, but maybe a disclaimer saying which would be usef

Lol - I guess we can all just put IPV6 back in the box.

2003-06-25 Thread Drew Weaver
http://news.com.com/2100-1028_3-1020653.html?tag=fd_top -Drew

Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Callahan, Richard M, SOLGV
Good Afternoon and forgive the new guy if I break any rules or conventions. I work for AT&T Government Solutions and we are about to launch the Do Not Call Registry for the Federal Trade Commission. At a high level this allows consumers to register their phone numbers to keep most telem

Re: Latency generator?

2003-06-25 Thread David Barak
Try a 486 with two ethernet cards - that'll introduce PLENTY of latency :) Not too configurable, but it sure is cheap... -David Barak --- "Temkin, David" <[EMAIL PROTECTED]> wrote: > Does anyone know of any free, cheap, or potentially > rentable latency > generators? Ideally I'd like something

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Andy Dills
On Wed, 25 Jun 2003, Callahan, Richard M, SOLGV wrote: > > Good Afternoon > and forgive the new guy if I break any rules or conventions. > > I work for AT&T Government Solutions and we are about to launch the Do > Not Call Registry for the Federal Trade Commission. At a high level > this al

Re: Latency generator?

2003-06-25 Thread Andy Dills
On Wed, 25 Jun 2003, David Barak wrote: > > Try a 486 with two ethernet cards - that'll introduce > PLENTY of latency :) Not too configurable, but it > sure is cheap... If you say so...I've seen plenty a 486 route 10 megs without breaking a sweat. FreeBSD 2.1 in the hizzy! Andy --- Andy Dill

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]> , "Callahan, Richard M, SOLGV" writes: > >Good Afternoon > and forgive the new guy if I break any rules or conventions. > >I work for AT&T Government Solutions and we are about to launch the Do Not Cal >l Registry for the Federal Trade Commission. At a high lev

RE: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Ejay Hire
You will want to make sure your email and sending server avoid the appearance of evil, I.e. Forward and reverse records match, valid MX for the sending domain, sent from a real address, not an HTML email, etc. -Original Message- From: Andy Dills [mailto:[EMAIL PROTECTED] Sent: Wednesday

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Larry Rosenman
One of my system admins passed the following, and he does have a point: You might pass back: The range of IP addresses that this stuff will be coming from, along with an assurance that only these mails will be coming from these servers would allow us to whitelist those addresses. -- Larry Rosen

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Eric Brunner-Williams in Portland Maine
It wouldn't hurt to post the DCC signature either.

Re: Lol - I guess we can all just put IPV6 back in the box.

2003-06-25 Thread Matt Zimmerman
On Wed, Jun 25, 2003 at 02:25:36PM -0400, Drew Weaver wrote: > http://news.com.com/2100-1028_3-1020653.html?tag=fd_top > Adjacent to the mythical shortage of IPv4 addresses, we find the IPv6 myths, such as the notion that its larger addr

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Simon Lyall
You might want to look at one of the professional whitelisting outfits. http://www.bondedsender.org http://www.habeas.com/ are two I know of that seem to be supported. -- Simon Lyall.| Newsmaster | Work: [EMAIL PROTECTED] Senior Network/System Admin | Postmaster | Home: [E

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Leo Bicknell
* Make sure repeated attempts to register the same e-mail address get throttled. Don't make the web server a way to e-mail bomb people. * Put in the e-mail a clear, short, easy to read over the phone link (http://www.yoursite.com/spam.html) that describes what action on the web site send

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Joe Abley
On Wednesday, Jun 25, 2003, at 21:25 Canada/Eastern, Leo Bicknell wrote: * Put in the e-mail a clear, short, easy to read over the phone link (http://www.yoursite.com/spam.html) that describes what action on the web site sends these e-mails, how to identify an e-mail as actually coming fro

Re: Country of Origin for Malicious Attacks

2003-06-25 Thread Sean Donelan
On Wed, 25 Jun 2003 [EMAIL PROTECTED] wrote: > I was wondering if folks had noticed any trends with malicious network > attacks predominantly originating from any individual or group of > countries. Any observations, comments or help would be greatly > appreciated. If you believe the Vatican, it

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Anne P. Mitchell, Esq.
Oops..2nd time, sorry - had to resub to NANOG and hadn't actually sent the sub to -post. > Except possibly don't use the word "spam", or anything else that is > liable to trip SpamAssassin and friends into giving your messages a > high score (so references to abdominal anatomy and cable tv d

Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Mark Segal
My email box has started receiving a bunch of emails recently (earlier this evening) with an 80k zip attachment called "your_details.zip" and either "re:movie" and "re:application" from a whole bunch of other addresses I have never heard of.. New spam technique or some new virus, similar to a Meliss

RE: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Mark Segal
That body should read ... "either "re:movie" and "re:application" in the subject line" Sorry, mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband -Original Mess

RE: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Williamson, Todd
At least the "Re: Application" message is referenced here: http://vil.nai.com/vil/content/v_100429.htm I received several of these today. Don't know about "Re: movie". todd > My email box has started receiving a bunch of emails recently > (earlier this > evening) with an 80k zip attachment cal

Re: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Larry Rosenman
--On Wednesday, June 25, 2003 22:56:52 -0400 Mark Segal <[EMAIL PROTECTED]> wrote: My email box has started receiving a bunch of emails recently (earlier this evening) with an 80k zip attachment called "your_details.zip" and either "re:movie" and "re:application" from a whole bunch of other addr

Re: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread David Diaz
Yep coming to my nanog email addy. My email box has started receiving a bunch of emails recently (earlier this evening) with an 80k zip attachment called "your_details.zip" and either "re:movie" and "re:application" from a whole bunch of other addresses I have never heard of.. New spam technique or s

Re: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Anne P. Mitchell, Esq.
> New spam technique or some new virus, similar to a Melissa? Any body > else seeing this? We're seeing it here too, coming to role accounts. Our folks are saying virus, but haven't identified which one yet. Anne

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread JC Dill
Leo Bicknell wrote: * Make sure your mail servers are squeaky clean. Forward and reverse match, valid MX's, they report their own name in SMTP headers, no "untrusted sender used -f", etc. Valid abuse@ for the machine name, and the parent domain are essential. Valid contacts for the domai

autoresponders, spam verifiers.

2003-06-25 Thread Mark Segal
Isn't it against nanog's BCP to have auto responders reply to people who post to the list... This is very annoying every time I post.. and being the zealot that I am (I know 50,000 heads just nodded their agreement) I do not want to be on his "safe" list. mark --Mark Segal

Re: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Eric Brunner-Williams in Portland Maine
> W32/[EMAIL PROTECTED] per McAffee. I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question. Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound... Jun 25 18:21:11 nic-naa sm-mta[2

RE: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Mark Segal
Here's the best link I have seen so far... Thanks to kevin day.. http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] My guess is they might need to upgrade it to more than 55-999 infections :). mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-407

Re: Weird email messages with "re:movie" and "re:application" in the subject line..

2003-06-25 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Eric Brunner-Williams in Portland Maine writes: > > >> W32/[EMAIL PROTECTED] per McAffee. > >I seem to have done one better ... according to a M$ host in Level3-land, >the Unix box right in front of me sent the mail in question. > >Someone at L3 needs to call h

Re: Major E-mail Delivery for FTC DNCR Launch

2003-06-25 Thread Rafi Sadowsky
## On 2003-06-25 21:25 -0400 Leo Bicknell typed: LB> LB> LB> * Put in the e-mail a clear, short, easy to read over the phone LB> link (http://www.yoursite.com/spam.html) Oops: this is an existing URL titled "FREE Credit Card Gateway" :-( LB> that describes what LB> action on the web

companies like microsoft and telia...

2003-06-25 Thread Paul Vixie
...are doing more to help spam than to stop it, in spite of themselves. consider microsoft-yahoo-aol's big fad of the moment which is suing spammers and blaming asia. the number one (#1) contributor to spam is open proxies running on windows/xp, several of which are installed by default as side

Re: companies like microsoft and telia...

2003-06-25 Thread Mikael Abrahamsson
On Thu, 26 Jun 2003, Paul Vixie wrote: > excuse me, telia, but your customers are spamming me, and i have no plans to > teach lartomatic (my homebrew complaintbot) how to log into your web site. > it is the year 2003, and you bloody well need to learn how to accept complaints > about YOUR CUSTOME

Re: companies like microsoft and telia...

2003-06-25 Thread Paul Vixie
> > gr. > > telia has been on my list for 2.5 years now for this stuff. let the public shaming begin, then. four isp abusebots have rejected my complaints tonight because (gasp!) i included a copy of the virus i was complaining about. cluestick please!

Re: companies like microsoft and telia...

2003-06-25 Thread Kandra Nygårds
From: "Paul Vixie" <[EMAIL PROTECTED]> > route:217.208.0.0/13 > descr:TELIANET-BLK > remarks: Abuse issues should be reported at > remarks: http://www.telia.com/security/ > remarks: Mail to [EMAIL PROTECTED] will be auto-replied > remarks: and referred to the U

Re: companies like microsoft and telia...

2003-06-25 Thread Anne P. Mitchell, Esq.
MS is also, I am told, behind the gutting, stalling, and undermining of Senator Bowen's SB 12 (the California anti-spam legislation). Right now her office is basically scrambling to get other ISPs to give their input so that they can demonstrate that MS does not speak for the networking wo

Re: companies like microsoft and telia...

2003-06-25 Thread Paul Vixie
> > ... it is the year 2003, and you bloody well need to learn how to > > accept complaints about YOUR CUSTOMERS using a format that is most > > convenient to THE VICTIMS. (and you should be THANKING US FOR IT since > > we are DOING YOUR WORK FOR YOU.) > > I agree, I was furious as well when I f