[40267] in North American Network Operators' Group
Re: Fwd: Re: Code Red variants
daemon@ATHENA.MIT.EDU (Larry Rosenman)
Sun Aug 5 11:40:09 2001
Date: Sun, 5 Aug 2001 10:39:30 -0500
From: Larry Rosenman <ler@lerctr.org>
To: Jeff Ogden <jogden@merit.edu>, nanog@merit.edu
Message-ID: <20010805103930.A6447@lerami.lerctr.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010805103211.X60418@marius.org>
Errors-To: owner-nanog-outgoing@merit.edu
* Marius Strom <marius@marius.org> [010805 10:38]:
>
> Odd thing: from a Sprint connected network, he seess the most attempts
> from Sprint's Class A.
>
> On my cable-modem connected box through Cox Internet, I see 248 out of
> 256 attempts coming from *.cox-internet.com.
>
> Does the new variant perhaps try to "stick to it's own domain"? I do
> see some non-localdomain stuff as well, so it's not 100% definite, and I
> can't say whether or not the providers are proactively filtering inbound
> to prevent other providers from getting in.
>
According to another post, it wants to stay in the same /8, /16, and
/24.
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
