A very good way to get their attention is to set up a mail rule in your mail
reader to automatically forward all emails from that IP to the abuse desk.  That
way when that IP sends you 100 virus emails, the abuse desk gets 100 complaints.
I bet they will have it fixed within 24 hours.

I have my own mail server, and it has been receiving around 4000 per day for the
past week, and they seem to be mostly from about a dozen IP numbers.  Last night
I added those IP numbers to my access_restrictions and it drops the connection
as soon as they hit.  This has freed up a lot of disk space and CPU load on the
server.

======================================
Stop spam on your domain, Anti-spam solutions
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
======================================
Aspire to Inspire before you Retire or Expire!

  ----- Original Message -----
  From: dana tierney
  To: CF-Community
  Sent: Sunday, February 01, 2004 8:50 AM
  Subject: is it that hard to identify an ip on a network?

  I have been getting a ridiculous number of copies of myDoom, and deleting them
while mumbling to myself. Also lots of bounce messages saying that email
addresses that don't exist on my domain have been sending email to mailboxes
that are full. Ran a full virus scan to be on the safe side. Then I noticed that
all of these copies of MyDoom are coming from a single ip address. I run it
through geektools, which says it is the University of Arkansas.

  I locate and call the after hours support number. The guy that answers the
phone suggests Norton. I sweetly explain that this is not the point, that this
ip has sent 165 copies of MyDoom to me alone on Saturday alone, so it is
probably sending this virus out in vast numbers. It is also claiming at times to
be my dawnrock domain. I give him the ip. He does not know whether it is one of
theirs but does promise to investigate. Fine. It occurs to me that whoever he is
gonna call might like to check the headers themselves so I call him back to ask
about this. He says oh, no, the abuse desk is monitoring the situation and it is
in one of the student dorms. Monitoring, huh... he decides what the hey, I
should send a few copies to [EMAIL PROTECTED], and gives me a name to send it
attention of. I do that and contemplate turning off catch all on my account, but
decide that this will just bounce the emails to the domains they are allegedly
from, not to the offending ip, and so just contribute to the problem. I go do
other things.

  Six hours later I check my email and find another 25 emails with the worm
attached, almost all of them from the same IP. I call Fayetteville again. They
have a ticket, closed resolved. I tell them it ain't and suggest that if they
have sent that many to me at a domain that has only been registered for two
months, they are probably sending out enough to make their mail server kinda
tired :) The guy at the desk sounds a little swifter than his overnight
colleague and says he will call the guy who allegedly fixed the problem back and
"admonish" him, his words.

  Now, I am not a mail admin, thank goodness, and chances are this ip is
dynamically allocated, I guess, but it's been on long enough to send out all
these emails... how hard can it be to locate it and pull the plug?

  Thinking too much again,

  Dana
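
An added example, not part of either message in this thread: one way to find which connecting IPs account for most of the incoming mail before blocking or reporting them. It counts only the topmost Received header, the one stamped by the receiving server, because the HELO name and any lower headers come from the sender (which is how a host can claim to be the recipient's own domain). The header layout, the `mx.example.org` host name and all addresses are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Assumption: the receiving MTA writes the peer address in square brackets,
# e.g. "from helo.name (unknown [192.0.2.10]) by mx.example.org ...".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message):
    """Return the peer IP stamped by our own server, or None if absent."""
    received = message_from_string(raw_message).get_all("Received") or []
    # Only the topmost Received header was added by our server. The HELO
    # name in it, and every header below it, is supplied by the sender.
    match = BRACKETED_IP.search(received[0]) if received else None
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:  # not a valid address, e.g. [999.1.1.1]
        return None


def top_senders(raw_messages, threshold):
    """Return [(ip, count)], busiest first, for IPs seen >= threshold times."""
    counts = Counter(filter(None, map(connecting_ip, raw_messages)))
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def make_message(helo, peer_ip, lower_hop_ip=None):
    """Build a constructed sample message (not real traffic)."""
    lines = [f"Received: from {helo} (unknown [{peer_ip}]) by mx.example.org; "
             "Sun, 1 Feb 2004 08:00:00 -0500"]
    if lower_hop_ip:  # a sender-supplied header that must not be trusted
        lines.append(f"Received: from pc ([{lower_hop_ip}]) by {helo}; "
                     "Sun, 1 Feb 2004 07:59:00 -0500")
    return "\n".join(lines + ["From: user@example.org", "Subject: hi", "", "body"])


# Constructed sample: one host sends five messages while using the
# recipient's own domain as its HELO name; another host sends two.
SAMPLE = (
    [make_message("example.org", "192.0.2.10", "203.0.113.7")] * 5
    + [make_message("mail.example.net", "198.51.100.4")] * 2
    + ["From: user@example.org\nSubject: no Received header\n\nbody"]
)

if __name__ == "__main__":
    print(top_senders(SAMPLE, threshold=3))
```
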