At 9:08 AM -0500 2/7/04, Peter Jones imposed structure on a stream of electrons, yielding:
Ladies and gents:

I am being hit by a spammer doing a simple dictionary attack. I spotted him in my logs about a week ago and blacklisted him, but he won't go away (of course):

01:35:56 1 SMTP-009([68.15.153.169]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:35:57 1 SMTP-009([68.15.153.169]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:35:57 1 SMTP-010([68.15.153.169]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:35:57 1 SMTP-010([68.15.153.169]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:35:58 1 SMTP-011([68.15.153.169]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:35:58 1 SMTP-011([68.15.153.169]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:35:58 1 SMTP-012([68.15.153.169]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:35:59 1 SMTP-012([68.15.153.169]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:37:28 3 SYSTEM The current date is Saturday, February 7, 2004


That's almost certainly not a dictionary attack; it looks more like the MyDoom worm.


I'm getting 200-300 of these hits a day. I can handle it but I'd like to complain to the ISP. What Mac tools are best for finding the responsible party?

Basically anything that can do reverse DNS and whois queries. I don't even track the classic Mac OS tools any more, but it used to be that MacTCPWatcher and WhatRoute would do some of these sorts of checks, and there are always the web-based tools at places like http://samspade.org and http://www.geektools.com/whois.php.


On MacOS X, I use command line tools like the standard whois directed at the various regional address registries, a locally installed instance of the geektools whois proxy, and an alternative whois by Marco D'Itri which knows all the RIPE flags and can follow some referrals. There is also Apple's GUI front end to a bunch of traditional tools, called simply Network Utility.


--
Bill Cole [EMAIL PROTECTED]
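The triage Bill describes (pull the offending addresses out of the log, count what they did, then run reverse DNS and whois against the registries) as an added example; this is not code from the thread or from either poster. The log lines are constructed in the format of Peter's excerpt: the first address is the one from his log, the second (192.0.2.45, a documentation range) is a stand-in so per-source aggregation is shown with more than one offender. The only network call, reverse_lookup(), is kept out of the summary path so the parser runs offline; the whois commands assume the stock whois client and ARIN's server (whois.arin.net), which refers out when the block belongs to another RIR.

```python
import re
import socket

# Constructed sample in the same shape as the quoted log (one hit yields a
# "Host is in the Blacklist" line and one "Recipient ... rejected" line per
# attempted recipient). 192.0.2.45 is a documentation address, not a real source.
SAMPLE_LOG = """\
01:35:56 1 SMTP-009([68.15.153.169]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:35:57 1 SMTP-009([68.15.153.169]) SPAM? Recipient '<a@example.com>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:35:57 1 SMTP-010([68.15.153.169]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:35:57 1 SMTP-010([68.15.153.169]) SPAM? Recipient '<b@example.com>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:36:02 1 SMTP-013([192.0.2.45]) SPAM? Host is in the Blacklist, "You are running a dictionary attack go away"
01:36:03 1 SMTP-013([192.0.2.45]) SPAM? Recipient '<c@example.com>' rejected: sending host is blacklisted, "You are running a dictionary attack go away"
01:37:28 3 SYSTEM The current date is Saturday, February 7, 2004
"""

# Matches the two SPAM? line shapes in the excerpt; the peer address is the
# bracketed dotted quad after the SMTP session id.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) \d+ SMTP-(?P<session>\d+)\(\[(?P<ip>[\d.]+)\]\) SPAM\? "
    r"(?:(?P<conn>Host is in the Blacklist)|Recipient '<(?P<rcpt>[^>]*)>' rejected)"
)


def parse_line(line):
    """Return (time, session, ip, kind, recipient) for a SPAM? line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind = "connection" if m.group("conn") else "recipient"
    return m.group("time"), m.group("session"), m.group("ip"), kind, m.group("rcpt")


def summarize(log_text):
    """Per-source-IP counts of blacklisted connections and rejected recipients,
    plus first/last time seen and the distinct SMTP session ids.
    Times are HH:MM:SS strings from a single day's log, so string comparison
    orders them correctly."""
    stats = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        time, session, ip, kind, _rcpt = parsed
        s = stats.setdefault(ip, {"connections": 0, "recipients": 0,
                                  "sessions": set(), "first": time, "last": time})
        s["connections" if kind == "connection" else "recipients"] += 1
        s["sessions"].add(session)
        s["first"] = min(s["first"], time)
        s["last"] = max(s["last"], time)
    for s in stats.values():          # sets -> sorted lists: plain data for a report
        s["sessions"] = sorted(s["sessions"])
    return stats


def reverse_name(ip):
    """The in-addr.arpa name a PTR lookup for an IPv4 address actually queries."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_lookup(ip):
    """PTR lookup via the resolver; None if there is no PTR or no network."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def lookup_commands(ip):
    """Shell commands to find the responsible party: PTR lookup, then whois
    at ARIN (which refers to the other RIRs for blocks it does not hold).
    A referral-following client such as Marco D'Itri's whois makes the
    plain 'whois IP' form sufficient on its own."""
    return [
        f"dig -x {ip} +short",
        f"whois -h whois.arin.net {ip}",
        f"whois {ip}",
    ]


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {s['connections']} connections, {s['recipients']} recipients "
              f"rejected, {s['first']}..{s['last']}, PTR name {reverse_name(ip)}")
        print("  rDNS:", reverse_lookup(ip))
        for cmd in lookup_commands(ip):
            print("  run:", cmd)
```

Feed it the full day's log instead of SAMPLE_LOG and the per-IP totals, first/last times and session ids are what an abuse desk asks for; the dig and whois output gives the netblock owner and abuse contact to send it to.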





