Wholesalebandwidth - spam-operation owned by spammers. [69.6.0.0 - 69.6.63.255]: Null routed! === Attacks example === Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.litech.org!news.misty.com!not-for-mail From: Dave Lugo Newsgroups: news.admin.net-abuse.email Subject: a reminder why it's a good idea to firewall 69.6.0.0/18 Date: Mon, 05 Jan 2004 10:45:52 -0500 Organization: MGT Consulting Lines: 385 Message-ID: NNTP-Posting-Host: spot.etherboy.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Trace: news.misty.com 1073317554 25818 216.158.54.130 (5 Jan 2004 15:45:54 GMT) X-Complaints-To: abuse@misty.com NNTP-Posting-Date: Mon, 5 Jan 2004 15:45:54 +0000 (UTC) User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030630 X-Accept-Language: en-us, en Xref: uni-berlin.de news.admin.net-abuse.email:2144595 At $ork, we've manually plonked Wholesalebandwidth, both at the firewall and MTA level. This is what happens when the shields get dropped for a few seconds: Jan 4 12:09:50 srv smtp-in[28294]: connect from "" [69.6.61.94] reject / IP address. Jan 4 12:09:50 srv smtp-in[28317]: connect from "" [69.6.29.153] reject / IP address. Jan 4 12:09:53 srv smtp-in[28456]: connect from "" [69.6.61.95] reject / IP address. Jan 4 12:09:53 srv smtp-in[28462]: connect from "" [69.6.61.67] reject / IP address. Jan 4 12:09:53 srv smtp-in[28484]: connect from "" [69.6.61.63] reject / IP address. Jan 4 12:09:53 srv smtp-in[28488]: connect from "" [69.6.61.83] reject / IP address. Jan 4 12:09:54 srv smtp-in[28500]: connect from "" [69.6.61.113] reject / IP address. Jan 4 12:09:54 srv smtp-in[28502]: connect from "" [69.6.61.104] reject / IP address. Jan 4 12:09:54 srv smtp-in[28508]: connect from "" [69.6.62.61] reject / IP address. Jan 4 12:09:54 srv smtp-in[28513]: connect from "" [69.6.61.119] reject / IP address. Jan 4 12:09:55 srv smtp-in[28519]: connect from "" [69.6.61.180] reject / IP address. Jan 4 12:09:55 srv smtp-in[28521]: connect from "" [69.6.61.137] reject / IP address. Jan 4 12:09:55 srv smtp-in[28545]: connect from "" [69.6.61.113] reject / IP address. Jan 4 12:09:55 srv smtp-in[28563]: connect from "" [69.6.61.209] reject / IP address. Jan 4 12:09:55 srv smtp-in[28570]: connect from "" [69.6.61.163] reject / IP address. Jan 4 12:09:56 srv smtp-in[28592]: connect from "" [69.6.61.199] reject / IP address. Jan 4 12:09:56 srv smtp-in[28598]: connect from "" [69.6.61.158] reject / IP address. Jan 4 12:09:56 srv smtp-in[28644]: connect from "" [69.6.61.200] reject / IP address. Jan 4 12:09:57 srv smtp-in[28658]: connect from "" [69.6.16.123] reject / IP address. Jan 4 12:09:57 srv smtp-in[28662]: connect from "" [69.6.61.225] reject / IP address. Jan 4 12:09:57 srv smtp-in[28678]: connect from "" [69.6.61.215] reject / IP address. Jan 4 12:09:57 srv smtp-in[28683]: connect from "" [69.6.61.207] reject / IP address. Jan 4 12:09:58 srv smtp-in[28698]: connect from "" [69.6.61.187] reject / IP address. Jan 4 12:09:58 srv smtp-in[28702]: connect from "" [69.6.61.182] reject / IP address. Jan 4 12:09:58 srv smtp-in[28716]: connect from "" [69.6.61.139] reject / IP address. Jan 4 12:09:58 srv smtp-in[28722]: connect from "" [69.6.61.88] reject / IP address. Jan 4 12:09:59 srv smtp-in[28734]: connect from "" [69.6.61.113] reject / IP address. Jan 4 12:09:59 srv smtp-in[28735]: connect from "" [69.6.62.222] reject / IP address. Jan 4 12:09:59 srv smtp-in[28752]: connect from "" [69.6.62.201] reject / IP address. Jan 4 12:09:59 srv smtp-in[28769]: connect from "" [69.6.62.236] reject / IP address. Jan 4 12:10:00 srv smtp-in[28804]: connect from "" [69.6.61.127] reject / IP address. Jan 4 12:10:00 srv smtp-in[28807]: connect from "" [69.6.61.121] reject / IP address. Jan 4 12:10:00 srv smtp-in[28824]: connect from "" [69.6.61.108] reject / IP address. Jan 4 12:10:00 srv smtp-in[28826]: connect from "" [69.6.61.101] reject / IP address. Jan 4 12:10:01 srv smtp-in[28850]: connect from "" [69.6.61.58] reject / IP address. Jan 4 12:10:01 srv smtp-in[28856]: connect from "" [69.6.61.182] reject / IP address. Jan 4 12:10:01 srv smtp-in[28872]: connect from "" [69.6.61.175] reject / IP address. Jan 4 12:10:01 srv smtp-in[28876]: connect from "" [69.6.61.186] reject / IP address. Jan 4 12:10:01 srv smtp-in[28892]: connect from "" [69.6.61.183] reject / IP address. Jan 4 12:10:02 srv smtp-in[28897]: connect from "" [69.6.61.181] reject / IP address. Jan 4 12:10:08 srv smtp-in[29170]: connect from "" [69.6.61.59] reject / IP address. Jan 4 12:10:08 srv smtp-in[29176]: connect from "" [69.6.61.48] reject / IP address. Jan 4 12:10:08 srv smtp-in[29177]: connect from "" [69.6.62.229] reject / IP address. Jan 4 12:10:09 srv smtp-in[29189]: connect from "" [69.6.62.249] reject / IP address. Jan 4 12:10:09 srv smtp-in[29210]: connect from "" [69.6.62.192] reject / IP address. Jan 4 12:10:09 srv smtp-in[29212]: connect from "" [69.6.62.204] reject / IP address. Jan 4 12:10:09 srv smtp-in[29214]: connect from "" [69.6.61.104] reject / IP address. Jan 4 12:10:09 srv smtp-in[29216]: connect from "" [69.6.61.87] reject / IP address. Jan 4 12:10:09 srv smtp-in[29224]: connect from "" [69.6.61.74] reject / IP address. Jan 4 12:10:09 srv smtp-in[29230]: connect from "" [69.6.61.77] reject / IP address. Jan 4 12:10:10 srv smtp-in[29233]: connect from "" [69.6.61.65] reject / IP address. Jan 4 12:10:10 srv smtp-in[29241]: connect from "" [69.6.61.57] reject / IP address. Jan 4 12:10:10 srv smtp-in[29245]: connect from "" [69.6.61.56] reject / IP address. Jan 4 12:10:10 srv smtp-in[29251]: connect from "" [69.6.61.42] reject / IP address. Jan 4 12:10:10 srv smtp-in[29266]: connect from "" [69.6.61.39] reject / IP address. Jan 4 12:10:10 srv smtp-in[29273]: connect from "" [69.6.62.254] reject / IP address. Jan 4 12:10:10 srv smtp-in[29289]: connect from "" [69.6.62.241] reject / IP address. Jan 4 12:10:11 srv smtp-in[29294]: connect from "" [69.6.62.195] reject / IP address. Jan 4 12:10:11 srv smtp-in[29312]: connect from "" [69.6.61.106] reject / IP address. Jan 4 12:10:11 srv smtp-in[29316]: connect from "" [69.6.61.92] reject / IP address. Jan 4 12:10:11 srv smtp-in[29329]: connect from "" [69.6.61.76] reject / IP address. Jan 4 12:10:11 srv smtp-in[29333]: connect from "" [69.6.61.63] reject / IP address. Jan 4 12:10:12 srv smtp-in[29350]: connect from "" [69.6.61.129] reject / IP address. Jan 4 12:10:12 srv smtp-in[29352]: connect from "" [69.6.61.124] reject / IP address. Jan 4 12:10:12 srv smtp-in[29363]: connect from "" [69.6.61.119] reject / IP address. Jan 4 12:10:12 srv smtp-in[29368]: connect from "" [69.6.61.101] reject / IP address. Jan 4 12:10:12 srv smtp-in[29386]: connect from "" [69.6.61.99] reject / IP address. Jan 4 12:10:12 srv smtp-in[29387]: connect from "" [69.6.61.124] reject / IP address. Jan 4 12:10:13 srv smtp-in[29401]: connect from "" [69.6.62.219] reject / IP address. Jan 4 12:10:13 srv smtp-in[29405]: connect from "" [69.6.62.185] reject / IP address. Jan 4 12:10:13 srv smtp-in[29423]: connect from "" [69.6.62.219] reject / IP address. Jan 4 12:10:13 srv smtp-in[29427]: connect from "" [69.6.61.168] reject / IP address. Jan 4 12:10:14 srv smtp-in[29445]: connect from "" [69.6.61.122] reject / IP address. Jan 4 12:10:14 srv smtp-in[29443]: connect from "" [69.6.61.126] reject / IP address. Jan 4 12:10:14 srv smtp-in[29460]: connect from "" [69.6.61.119] reject / IP address. Jan 4 12:10:14 srv smtp-in[29463]: connect from "" [69.6.61.115] reject / IP address. Jan 4 12:10:14 srv smtp-in[29479]: connect from "" [69.6.61.73] reject / IP address. Jan 4 12:10:19 srv smtp-in[29677]: connect from "" [69.6.62.55] reject / IP address. Jan 4 12:10:20 srv smtp-in[29713]: connect from "" [69.6.61.81] reject / IP address. Jan 4 12:10:20 srv smtp-in[29719]: connect from "" [69.6.61.35] reject / IP address. Jan 4 12:10:20 srv smtp-in[29739]: connect from "" [69.6.61.196] reject / IP address. Jan 4 12:10:21 srv smtp-in[29742]: connect from "" [69.6.61.163] reject / IP address. Jan 4 12:10:21 srv smtp-in[29748]: connect from "" [69.6.61.184] reject / IP address. Jan 4 12:10:21 srv smtp-in[29755]: connect from "" [69.6.61.150] reject / IP address. Jan 4 12:10:23 srv smtp-in[21173]: connect from "" [69.6.62.212] reject / IP address. Jan 4 12:10:23 srv smtp-in[21197]: connect from "" [69.6.61.219] reject / IP address. Jan 4 12:10:24 srv smtp-in[21222]: connect from "" [69.6.61.201] reject / IP address. Jan 4 12:10:25 srv smtp-in[21298]: connect from "" [69.6.61.146] reject / IP address. Jan 4 12:10:25 srv smtp-in[21319]: connect from "" [69.6.27.129] reject / IP address. Jan 4 12:10:26 srv smtp-in[21381]: connect from "" [69.6.62.161] reject / IP address. Jan 4 12:10:27 srv smtp-in[21412]: connect from "" [69.6.61.235] reject / IP address. Jan 4 12:10:34 srv smtp-in[21720]: connect from "" [69.6.61.211] reject / IP address. Jan 4 12:10:36 srv smtp-in[21824]: connect from "" [69.6.61.124] reject / IP address. Jan 4 12:10:40 srv smtp-in[21987]: connect from "" [69.6.61.35] reject / IP address. Jan 4 12:10:40 srv smtp-in[22015]: connect from "" [69.6.61.50] reject / IP address. Jan 4 12:10:40 srv smtp-in[22019]: connect from "" [69.6.61.46] reject / IP address. Jan 4 12:10:43 srv smtp-in[22117]: connect from "" [69.6.61.199] reject / IP address. Jan 4 12:10:43 srv smtp-in[22121]: connect from "" [69.6.61.113] reject / IP address. Jan 4 12:10:43 srv smtp-in[22136]: connect from "" [69.6.61.111] reject / IP address. Jan 4 12:10:43 srv smtp-in[22140]: connect from "" [69.6.61.109] reject / IP address. Jan 4 12:10:43 srv smtp-in[22155]: connect from "" [69.6.61.90] reject / IP address. Jan 4 12:10:44 srv smtp-in[22158]: connect from "" [69.6.61.60] reject / IP address. Jan 4 12:10:44 srv smtp-in[22167]: connect from "" [69.6.61.213] reject / IP address. Jan 4 12:10:44 srv smtp-in[11419]: connect from "" [69.6.61.174] reject / IP address. Jan 4 12:10:45 srv smtp-in[11438]: connect from "" [69.6.61.120] reject / IP address. Jan 4 12:10:45 srv smtp-in[11444]: connect from "" [69.6.61.80] reject / IP address. Jan 4 12:10:45 srv smtp-in[11463]: connect from "" [69.6.61.85] reject / IP address. Jan 4 12:10:45 srv smtp-in[11469]: connect from "" [69.6.61.42] reject / IP address. Jan 4 12:10:46 srv smtp-in[11487]: connect from "" [69.6.16.120] reject / IP address. Jan 4 12:10:46 srv smtp-in[11482]: connect from "" [69.6.51.22] reject / IP address. Jan 4 12:10:50 srv smtp-in[11666]: connect from "" [69.6.61.81] reject / IP address. Jan 4 12:10:50 srv smtp-in[22425]: connect from "" [69.6.29.152] reject / IP address. Jan 4 12:10:53 srv smtp-in[11793]: connect from "" [69.6.61.98] reject / IP address. Jan 4 12:10:53 srv smtp-in[11799]: connect from "" [69.6.61.82] reject / IP address. Jan 4 12:10:54 srv smtp-in[11828]: connect from "" [69.6.51.22] reject / IP address. Jan 4 12:10:54 srv smtp-in[11868]: connect from "" [69.6.61.245] reject / IP address. Jan 4 12:10:56 srv smtp-in[11981]: connect from "" [69.6.62.105] reject / IP address. Jan 4 12:10:57 srv smtp-in[11988]: connect from "" [69.6.51.23] reject / IP address. Jan 4 12:10:57 srv smtp-in[11993]: connect from "" [69.6.61.146] reject / IP address. Jan 4 12:10:57 srv smtp-in[12012]: connect from "" [69.6.61.221] reject / IP address. Jan 4 12:10:57 srv smtp-in[12019]: connect from "" [69.6.61.157] reject / IP address. Jan 4 12:10:57 srv smtp-in[12039]: connect from "" [69.6.61.194] reject / IP address. Jan 4 12:10:57 srv smtp-in[12045]: connect from "" [69.6.62.174] reject / IP address. Jan 4 12:11:00 srv smtp-in[12208]: connect from "" [69.6.61.42] reject / IP address. Jan 4 12:11:00 srv smtp-in[12214]: connect from "" [69.6.61.229] reject / IP address. Jan 4 12:11:00 srv smtp-in[12234]: connect from "" [69.6.61.204] reject / IP address. Jan 4 12:11:01 srv smtp-in[12271]: connect from "" [69.6.61.137] reject / IP address. Jan 4 12:11:03 srv smtp-in[12392]: connect from "" [69.6.61.133] reject / IP address. Jan 4 12:11:04 srv smtp-in[12424]: connect from "" [69.6.62.167] reject / IP address. Jan 4 12:11:06 srv smtp-in[12503]: connect from "" [69.6.61.94] reject / IP address. Jan 4 12:11:06 srv smtp-in[12507]: connect from "" [69.6.61.38] reject / IP address. Jan 4 12:11:07 srv smtp-in[12524]: connect from "" [69.6.61.87] reject / IP address. Jan 4 12:11:07 srv smtp-in[12527]: connect from "" [69.6.61.104] reject / IP address. Jan 4 12:11:07 srv smtp-in[12544]: connect from "" [69.6.61.36] reject / IP address. Jan 4 12:11:08 srv smtp-in[12573]: connect from "" [69.6.61.78] reject / IP address. Jan 4 12:11:08 srv smtp-in[12576]: connect from "" [69.6.62.234] reject / IP address. Jan 4 12:11:08 srv smtp-in[12584]: connect from "" [69.6.62.250] reject / IP address. Jan 4 12:11:08 srv smtp-in[12589]: connect from "" [69.6.62.83] reject / IP address. Jan 4 12:11:09 srv smtp-in[14076]: connect from "" [69.6.61.73] reject / IP address. Jan 4 12:11:09 srv smtp-in[14086]: connect from "" [69.6.61.129] reject / IP address. Jan 4 12:11:10 srv smtp-in[14150]: connect from "" [69.6.61.127] reject / IP address. Jan 4 12:11:11 srv smtp-in[12695]: connect from "" [69.6.61.123] reject / IP address. Jan 4 12:11:11 srv smtp-in[14171]: connect from "" [69.6.62.136] reject / IP address. Jan 4 12:11:11 srv smtp-in[14187]: connect from "" [69.6.61.93] reject / IP address. Jan 4 12:11:11 srv smtp-in[14211]: connect from "" [69.6.61.63] reject / IP address. Jan 4 12:11:12 srv smtp-in[14242]: connect from "" [69.6.61.31] reject / IP address. Jan 4 12:11:13 srv smtp-in[14301]: connect from "" [69.6.61.93] reject / IP address. Jan 4 12:11:18 srv smtp-in[14645]: connect from "" [69.6.62.108] reject / IP address. Jan 4 12:11:19 srv smtp-in[14665]: connect from "" [69.6.62.38] reject / IP address. Jan 4 12:11:19 srv smtp-in[14684]: connect from "" [69.6.61.123] reject / IP address. Jan 4 12:11:23 srv smtp-in[14828]: connect from "" [69.6.62.78] reject / IP address. Jan 4 12:11:24 srv smtp-in[14863]: connect from "" [69.6.61.218] reject / IP address. Jan 4 12:11:24 srv smtp-in[14868]: connect from "" [69.6.61.217] reject / IP address. Jan 4 12:11:24 srv smtp-in[14883]: connect from "" [69.6.61.150] reject / IP address. Jan 4 12:11:24 srv smtp-in[14886]: connect from "" [69.6.62.29] reject / IP address. Jan 4 12:11:25 srv smtp-in[7402]: connect from "" [69.6.61.34] reject / IP address. Jan 4 12:11:25 srv smtp-in[7408]: connect from "" [69.6.61.141] reject / IP address. Jan 4 12:11:25 srv smtp-in[7424]: connect from "" [69.6.51.26] reject / IP address. Jan 4 12:11:26 srv smtp-in[7447]: connect from "" [69.6.61.119] reject / IP address. Jan 4 12:11:26 srv smtp-in[7469]: connect from "" [69.6.62.188] reject / IP address. Jan 4 12:11:26 srv smtp-in[7475]: connect from "" [69.6.61.224] reject / IP address. Jan 4 12:11:27 srv smtp-in[7492]: connect from "" [69.6.61.106] reject / IP address. Jan 4 12:11:27 srv smtp-in[7496]: connect from "" [69.6.7.108] reject / IP address. Jan 4 12:11:28 srv smtp-in[7557]: connect from "" [69.6.62.177] reject / IP address. Jan 4 12:11:29 srv smtp-in[15106]: connect from "" [69.6.40.89] reject / IP address. Jan 4 12:11:29 srv smtp-in[7598]: connect from "" [69.6.40.125] reject / IP address. Jan 4 12:11:30 srv smtp-in[15178]: connect from "" [69.6.61.200] reject / IP address. Jan 4 12:11:32 srv smtp-in[15263]: connect from "" [69.6.61.129] reject / IP address. Jan 4 12:11:34 srv smtp-in[15337]: connect from "" [69.6.61.63] reject / IP address. Jan 4 12:11:35 srv smtp-in[15381]: connect from "" [69.6.61.67] reject / IP address. Jan 4 12:11:43 srv smtp-in[8382]: connect from "" [69.6.61.134] reject / IP address. Jan 4 12:11:43 srv smtp-in[8395]: connect from "" [69.6.61.91] reject / IP address. Jan 4 12:11:43 srv smtp-in[10716]: connect from "" [69.6.61.227] reject / IP address. Jan 4 12:11:43 srv smtp-in[8400]: connect from "" [69.6.61.67] reject / IP address. Jan 4 12:11:53 srv smtp-in[11302]: connect from "" [69.6.62.168] reject / IP address. Jan 4 12:11:53 srv smtp-in[11335]: connect from "" [69.6.61.200] reject / IP address. Jan 4 12:11:55 srv smtp-in[11425]: connect from "" [69.6.61.135] reject / IP address. Jan 4 12:11:56 srv smtp-in[11505]: connect from "" [69.6.62.87] reject / IP address. Jan 4 12:11:57 srv smtp-in[11530]: connect from "" [69.6.62.111] reject / IP address. Jan 4 12:11:57 srv smtp-in[11551]: connect from "" [69.6.62.242] reject / IP address. Jan 4 12:11:57 srv smtp-in[11556]: connect from "" [69.6.62.143] reject / IP address. Jan 4 12:11:58 srv smtp-in[11589]: connect from "" [69.6.62.224] reject / IP address. Jan 4 12:12:00 srv smtp-in[11687]: connect from "" [69.6.61.206] reject / IP address. 182 rejected connections in 130 seconds. 'nuff said. -- -------------------------------------------------------- Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC Have you hugged your firewall today? No spam, thanks. -------------------------------------------------------- Are you the police? . . . . No ma'am, we're sysadmins.