[101747] in North American Network Operators' Group
Dictionary attacks prompted by NANOG postings?
daemon@ATHENA.MIT.EDU (Barry Shein)
Thu Jan 17 01:55:16 2008
Date: Thu, 17 Jan 2008 01:43:02 -0500 (EST)
From: Barry Shein <bzs@world.std.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Once again shortly after posting a message to NANOG a fairly
significant dictionary attack using Earthlink's mail servers fired up.
The same thing happened around Nov 30th (I posted about it here.)
Does this happen to anyone else posting here? It's pretty clearly a
lame attempt to intimidate by some loser.
Jan 17 01:29:16 pcls5 sendmail[6757]: NOUSER: ani5 relay=elasmtp-kukur.atl.sa.earthlink.net [209.86.89.65]
Jan 17 01:29:19 pcls5 sendmail[7761]: NOUSER: anita2 relay=elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64]
Jan 17 01:29:19 pcls5 sendmail[8036]: NOUSER: ando relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:22 pcls5 sendmail[8036]: NOUSER: ando1 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:25 pcls5 sendmail[8036]: NOUSER: ando2 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:28 pcls5 sendmail[8036]: NOUSER: ando3 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:31 pcls5 sendmail[8036]: NOUSER: ando4 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
...etc etc
--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
