Dear All, Checking my logfiles, I noticed that the IP 208.50.149.200 (intruder.rs88.net) came up several times. To be precise: (time is in GMT+0000) May 20 11:51:26 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=3981 PROTO=UDP SPT=137 DPT=137 LEN=58 May 20 11:51:28 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=10381 PROTO=UDP SPT=137 DPT=137 LEN=58 May 21 12:39:24 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=38375 PROTO=UDP SPT=137 DPT=137 LEN=58 May 21 12:39:26 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=45287 PROTO=UDP SPT=137 DPT=137 LEN=58 May 22 13:40:34 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=11946 PROTO=UDP SPT=137 DPT=137 LEN=58 May 25 19:29:13 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=30730 PROTO=UDP SPT=137 DPT=137 LEN=58 May 15 04:54:06 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=15511 PROTO=UDP SPT=137 DPT=137 LEN=58 May 15 04:54:09 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=38039 PROTO=UDP SPT=137 DPT=137 LEN=58 May 16 06:32:21 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=65464 PROTO=UDP SPT=137 DPT=137 LEN=58 May 16 06:32:24 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=16057 PROTO=UDP SPT=137 DPT=137 LEN=58 May 19 10:22:44 myhost kernel: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200 DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=56924 PROTO=UDP SPT=137 DPT=137 LEN=58 I would not be worried about it if www.rs88.net did not have the text of "permission-based marketing on the Internet, sending personalized messages from companies to their customers". I sent them an e-mail to their "abuse" e-mail account but did not receive an explanation (over a week ago). simos
This archive was generated by hypermail 2b30 : Sat May 26 2001 - 23:44:37 PDT