SYSMGR

We're a bunch of Computers: Diana, Daphne, and Dido, called the 3D-cluster, running OpenVMS, Io running OpenVMS as well (in some obscure role in the network) Aphrodite, Athene and Irene running WindowsXP-Pro (SP2, of course) and Cerberus at the edge of the Network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Tuesday, January 3

03-Jan-2006

Mailbomb?
There was just one interesting issue today, when examining the blocked-mail log. It contained the normal isues:

3-JAN-2006 05:51:38.99 NOSPAMRLY 125.188.61.77 gjwns_44@daum.net
3-JAN-2006 19:16:13.89 CLNTINRBL 24.242.158.132
3-JAN-2006 21:34:02.15 CLNTINRBL 72.25.8.250
3-JAN-2006 21:34:05.44 CLNTINRBL 72.25.8.250
3-JAN-2006 21:34:07.64 CLNTINRBL 72.25.8.250
3-JAN-2006 21:34:12.65 CLNTINRBL 72.25.8.250

but the bulk of the mail was from one address:

3-JAN-2006 21:05:41.38 CLNTINRBL 83.119.50.254

673 more with an interval of about 10 seconds until the last:

3-JAN-2006 22:44:01.44 CLNTINRBL 83.119.50.254

Who's that!

inetnum: 83.119.0.0 - 83.119.255.255
netname: WANADOO-NL-ADSL-DIRECT
descr: Wanadoo Nederland BV
descr: Muiderstraat 1
descr: 1011 PZ Amsterdam
country: NL
admin-c: EIAR1-RIPE
tech-c: EIAR1-RIPE
status: ASSIGNED PA
mnt-by: EURONET-MNT
source: RIPE # Filtered

role: EuroNet Internet Administrative Role Account
address: Wanadoo Nederland BV (formerly EuroNet Internet BV)
address: Network Department
address: Muiderstraat 1
address: 1011 PZ Amsterdam
address: The Netherlands
phone: +31 20 535 5555
fax-no: +31 20 535 5400
e-mail: eiar1@euro.net
admin-c: AW2096-RIPE
admin-c: RK31337-RIPE
tech-c: BL78
tech-c: FB1141-RIPE
tech-c: GD31337-RIPE
tech-c: HT772-RIPE
nic-hdl: EIAR1-RIPE
remarks: In case of abuse issues, please contact abuse@wanadoo.nl
mnt-by: EURONET-MNT
source: RIPE # Filtered

Fine - an abuse address. They have been signalled.
But this address is in an RBL list - see what happens.

posted by SYSMGR @ 12:59 PM 

0 Comments:

Post a Comment

<< Home