> At 8:25 PM -0500 2/17/03, Transistor Sister wrote: > >bounced back to the originating host. The nature of the > messages are so > >varied that they may have been taken from a spam archive somewhere. > > One theory I've heard on this is that the script kiddies are using > spam for DoS attacks under the (probably correct) assumption that if > you report it to the relevant authorities they will dismiss it as > "just being spam." This was from someone who had in fact tried to > report such a DoS attack and received just that response. I'm not buying it. I think there is a more obvious cause here. Spammers spreading their load out across multiple relays. I spoke with the original complainer and was able to correlate her problem with our current problem. Sure our load was lighter but we were able to trace the problem back to to subnets. 64.119.220.0/24 and 64.119.213.0/24. Both netblocks are allocated to the same company. OrgName: iWay Broadband, Inc. OrgID: IWBB Address: 2075-R Corte Del Nogal City: Carlsbad StateProv: CA PostalCode: 92009 Country: US NetRange: 64.119.192.0 - 64.119.223.255 CIDR: 64.119.192.0/19 NetName: IWAY-BLK-1 NetHandle: NET-64-119-192-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: DNS1.IWAYNETWORKS.COM NameServer: DNS2.IWAYNETWORKS.COM Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2001-08-30 Updated: 2002-06-04 TechHandle: ZW85-ARIN TechName: iWay Networks TechPhone: +1-760-929-2650 TechEmail: ipat_private ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 19:44:04 PST