On Saturday 24 March 2007, jdow wrote:
>I was recently on the receiving end of an ssh attack (which had less
>chance of success than a nitrocellulose cat in a traditional hell of
>succeeding) from CIHost. And now I received a spate of low scoring DKIM
>identified spams from emaildirect.com, which is hosted in CIHost's
>address range.
>
>O1.com NETBLK-O1-BLK4 (NET-65-98-128-0-1)
> 65.98.128.0 - 65.98.255.255
>EmailDirect, Inc. NETBLK-65-98-146-0 (NET-65-98-146-0-1)
> 65.98.146.0 - 65.98.146.255
>
>
>Were they legitimate at one time?
>
>{^_^}
Dunno Joanne. I rather get a charge out of watching the logs in my dd-wrt
router, running on an old x86 box.
When somebody starts a dictionary attack, I might let it run for maybe 30
minutes & then send the admin of record for that registration a please
shut this person down message. It usually takes 5 minutes to stop. And
all of them have recently come from the same ISP in tw land. If it keeps
up, I'll just block that while class C and be done with it.
Bad puppies, should always be disposed of.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
A nasty looking dwarf throws a knife at you.
