[56277] in North American Network Operators' Group
Re: anti-spam vs network abuse
daemon@ATHENA.MIT.EDU (Paul Vixie)
Sat Mar 1 11:58:57 2003
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 01 Mar 2003 16:58:22 +0000
In-Reply-To: <Pine.LNX.4.44.0303010055010.12785-100000@redhat1.mmaero.com>
Errors-To: owner-nanog-outgoing@merit.edu
jlewis@lewis.org writes:
> When I hooked up my first server on the internet back in 1993, I was kind
> of shocked that some far away stranger was trying to log into my POP3
> server. Unwanted connections have been a fact of life on the internet
> probably since its beginning.
here's a sample of current SMTP activity in unused parts of ISC's netblocks:
> [211.59.151.211] -> [204.152.191.97] hanmir.com <2247kocci1@hanmir.com> (136)
> <coscard02@hanmail.net>
> --
> Message-ID: <90400-22003242705510905@hanmir.com>
> X-EM-Version: 6, 0, 0, 4
> X-EM-Registration: #0010630410721500AB30
> Reply-To: kocci1@hanmir.com
> From: "coscard01" <2247kocci1@hanmir.com>
> To: coscard02@hanmail.net
> Subject: 204.152.191.97
> Date: Thu, 27 Feb 2003 09:55:10 +0900
> MIME-Version: 1.0
> Content-Type: text/html; charset=KS_C_5601-1987
> Content-Transfer-Encoding: quoted-printable
>
> [211.59.151.211] -> [204.152.191.98] hanmir.com <2249kocci1@hanmir.com> (136)
> <coscard02@hanmail.net>
> --
> Message-ID: <226480-2200324270551115@hanmir.com>
> X-EM-Version: 6, 0, 0, 4
> X-EM-Registration: #0010630410721500AB30
> Reply-To: kocci1@hanmir.com
> From: "coscard01" <2249kocci1@hanmir.com>
> To: coscard02@hanmail.net
> Subject: 204.152.191.98
> Date: Thu, 27 Feb 2003 09:55:11 +0900
> MIME-Version: 1.0
> Content-Type: text/html; charset=KS_C_5601-1987
> Content-Transfer-Encoding: quoted-printable
>
> [211.59.151.211] -> [204.152.191.99] hanmir.com <2249kocci1@hanmir.com> (136)
> <coscard02@hanmail.net>
> --
> Message-ID: <67290-22003242705511155@hanmir.com>
> X-EM-Version: 6, 0, 0, 4
> X-EM-Registration: #0010630410721500AB30
> Reply-To: kocci1@hanmir.com
> From: "coscard01" <2249kocci1@hanmir.com>
> To: coscard02@hanmail.net
> Subject: 204.152.191.99
> Date: Thu, 27 Feb 2003 09:55:11 +0900
> MIME-Version: 1.0
> Content-Type: text/html; charset=KS_C_5601-1987
> Content-Transfer-Encoding: quoted-printable
here's the "sort | uniq -c | sort -nr" output from the last two weeks:
> 757266 210.218.176.100
> 126472 210.105.112.100
> 2032 211.59.151.211
> 1261 218.49.187.136
> 780 219.248.155.57
> 508 211.49.94.75
> 508 211.49.94.211
> 508 211.49.94.118
> 508 211.194.117.174
> 506 218.49.187.184
> 378 211.49.94.238
> 252 218.49.187.176
> 221 61.75.215.47
> 214 61.61.28.159
> 118 61.254.207.114
> 6 62.79.90.71
> 4 217.226.92.40
> 3 80.130.52.180
> 3 217.226.91.5
> 2 80.130.54.82
> 2 217.226.91.68
> 2 217.226.82.168
> 1 62.79.110.122
> 1 217.226.85.181
> 1 217.226.83.80
i don't think this is, ever was, or will be allowed to be, a fact of my life.
--
Paul Vixie
