> > Tracked down attacking IP address to 61.183.69.15. How do I determine > who this > > belongs to as it is not registered in DNS?
in your router, block 61.183/16 Don't waste your time looking up the ip owners of these mofo's, just block em and re-load. >Why would our little old mail server be targeted by such >different IP subnets? It's a fertile races over there, there's a bunch more where these come from. I think the Central Committee filters Internet porn and has outlawed sex so these kiddies have to find their fun somewhere. Clearly, the iwebmsg cgi needs to defend itself, filter very tightly and drop all HTTP requests outside of the narrow range it is designed to handle. I set up an Apache web server on an new ip for one of my clients, it was a few days before he could around to uploading the .html files. By then, the Apache log was over 500 mbytes from nimda, Code Red, and friends. There is just an astonishingly high, astonishingly constant level of background attacks. I picture it as 100's of 1000's of monsters (some Ringhead knows their official name) down in that cave in Fellowship of the Rings. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
