If you people haven't figured this out by now, it's a large-scale spammer looking for open relays. The scans started on my systems on May 4, 2003 (on live systems and in dead IP space). They have continued, HEAVILY (i.e. still beating on IPs that are not in use and have no response). The ISP (race.com) has undoubtedly been contacted by numerous people (email and phone). The ISP has not taken action (last scan was <12 hours ago, again a very heavy scan). It's pretty obvious the ISP is complicit due to complete lack of action, over the course of several weeks now. My advice: simply block 64.201.96.0/20 until the scans stop.

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

This archive was generated by hypermail 2b30 : Tue May 20 2003 - 12:50:38 PDT