On Mar 24, 2007, at 3:35 PM, Gene Heskett wrote:
On Saturday 24 March 2007, jdow wrote:
I was recently on the receiving end of an ssh attack (which had less
chance of success than a nitrocellulose cat in a traditional hell of
succeeding) from CIHost. And now I received a spate of low scoring DKIM
identified spams from emaildirect.com, which is hosted in CIHost's
address range.
O1.com NETBLK-O1-BLK4 (NET-65-98-128-0-1)
65.98.128.0 - 65.98.255.255
EmailDirect, Inc. NETBLK-65-98-146-0 (NET-65-98-146-0-1)
65.98.146.0 - 65.98.146.255
Were they legitimate at one time?
{^_^}
Dunno Joanne. I rather get a charge out of watching the logs in my dd-wrt
router, running on an old x86 box.
When somebody starts a dictionary attack, I might let it run for maybe 30
minutes & then send the admin of record for that registration a please
shut this person down message. It usually takes 5 minutes to stop. And
all of them have recently come from the same ISP in tw land. If it keeps
up, I'll just block that whole class C and be done with it.
Bad puppies, should always be disposed of.
or you could save your time and have a script take care of all that
(http://bubba.org/logact).
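
The manual routine described in this thread (watch the log, spot a dictionary attack, block the source or its whole class C), as an added example that is not part of any message above and is not the logact script. It assumes OpenSSH-style `Failed password` syslog lines; the sample log, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

def _line(sec, ip, user):
    # Builds one constructed log line in OpenSSH sshd syslog format (assumed).
    return (f"Mar 24 15:{sec // 60:02d}:{sec % 60:02d} gw sshd[411]: "
            f"Failed password for invalid user {user} from {ip} port 40001 ssh2")

# Constructed sample input: three noisy sources plus one user who mistyped twice.
SAMPLE_LOG = "\n".join(
    [_line(10 * i, "203.0.113.7", "admin") for i in range(6)]
    + [_line(10 * i + 3, "203.0.113.9", "root") for i in range(5)]
    + [_line(10 * i + 5, "192.0.2.50", "test") for i in range(5)]
    + [_line(0, "198.51.100.20", "alice"), _line(1500, "198.51.100.20", "alice"),
       "Mar 24 15:26:00 gw sshd[411]: Accepted password for alice "
       "from 198.51.100.20 port 40002 ssh2"])

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed "
                    r"password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3}) ")

def find_attackers(log_text, threshold=5, window_s=300, year=2007):
    """Map source IP -> peak failure count, for IPs reaching threshold in window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            hits[m.group(2)].append(
                datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    flagged, window = {}, timedelta(seconds=window_s)
    for ip, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

def block_candidates(flagged, min_hosts=2):
    """Offer a whole /24 only when several flagged hosts share it."""
    by_net = defaultdict(list)
    for ip in flagged:
        by_net[ip_network(f"{ip}/24", strict=False)].append(ip)
    return sorted(x for net, ips in by_net.items()
                  for x in ([str(net)] if len(ips) >= min_hosts else ips))
```

Requiring several flagged hosts before widening to a /24 keeps one noisy address from taking its uninvolved neighbours down with it.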