It's SBC. They'll probably listen:
OrgName: SBC Internet Services
OrgID: SIS-80
Address: 208 S Akard St
Address: One AT&T Plaza 22nd Floor / Attn: IP Management Group
City: Dallas
StateProv: TX
PostalCode: 75202
Country: US
NetRange: 63.192.0.0 - 63.207.255.255
CIDR: 63.192.0.0/12
NetName: SBCIS-SIS80
NetHandle: NET-63-192-0-0-1
Parent: NET-63-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.PBI.NET
NameServer: NS2.PBI.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: please send all abuse issue e-mails to [EMAIL PROTECTED]
RegDate: 1999-05-10
Updated: 2005-09-30
RTechHandle: PIA2-ORG-ARIN
RTechName: IPAdmin-PBI
RTechPhone: +1-800-648-1626
RTechEmail: [EMAIL PROTECTED]
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-800-648-1626
OrgAbuseEmail: [EMAIL PROTECTED]
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: +1-800-648-1626
OrgNOCEmail: [EMAIL PROTECTED]
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-800-648-1626
OrgTechEmail: [EMAIL PROTECTED]
# ARIN WHOIS database, last updated 2006-08-14 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
----- Original Message -----
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 15, 2006 4:48 PM
Subject: RE: [IMail Forum] POP3 Security / DOS Attack
Also, if possible, lookup the owner of the IP and report he abuse to them if
they are willing to listen.
Kevin
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Imail_Forum-
[EMAIL PROTECTED] On Behalf Of Jason Loven
Sent: Tuesday, August 15, 2006 12:49 PM
To: [email protected]
Subject: RE: [IMail Forum] POP3 Security / DOS Attack
Since it seems to all be coming from the same IP I'd say block that IP
at your firewall.
Thank you,
Jason Loven
Manager - Technical Services Department
Computer Associates, Inc.
36 Thurber Blvd, Smithfield RI 02917
Phone: (401)232-2600, Fax: (401)232-7778
Email: [EMAIL PROTECTED]
Web: http://www.cainetserv.com/
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Archer Koch
Sent: Tuesday, August 15, 2006 3:13 PM
To: [email protected]
Subject: [IMail Forum] POP3 Security / DOS Attack
We had a POP3 attack this morning that looked like this:
08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - lydia
08:15 08:43 POP3D (0471D5B4) logon failure for kayla mail.XXXXXXX.XXX
from
63.201.40.234
08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - mail
08:15 08:43 POP3D (0471D622) logon failure for lydia mail.XXXXXXX.XXX
from
63.201.40.234
08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - kayla
08:15 08:43 POP3D (0471D68F) logon failure for mail mail.XXXXXXX.XXX
from
63.201.40.234
08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - kent
08:15 08:43 POP3D (0471D6FC) logon failure for kayla mail.XXXXXXX.XXX
from
63.201.40.234
08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - kirk
08:15 08:43 POP3D (0471D76A) logon failure for kent mail.XXXXXXX.XXX
from
63.201.40.234
This is just a tiny snippet of the attack, which brought the POP3
service to its knees. Imail 8.22
I haven't been able to find any information about thwarting such an
attack
-- or even any reports of such attacks occurring for that matter, so I
turn to you for your valued input. Obviously, the implications are
quite serious.
Archer
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-
archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
