[79205] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

SORBS Scanning (unauthorized)

daemon@ATHENA.MIT.EDU (Dean Anderson)
Thu Mar 31 19:40:49 2005

Date: Thu, 31 Mar 2005 19:40:23 -0500 (EST)
From: Dean Anderson <dean@av8.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


Ok, lets get back on topic: (some cisco config for network operators:)

SORBS is relay testing again (see bounce below).  BTW:  for those networks
that only feel comfortable blocking illegal activity, this is a violation
of CAN-SPAM, because the message forges email headers, which is banned.

You can access list the scanners by the following:

  access-list 104 deny ip 203.15.51.42 0.0.0.31 any

Its more effective to block the DNS servers for the blacklist:

  access-list 104 deny ip host 194.109.9.11 any
  access-list 104 deny ip host 194.134.35.168 any
  access-list 104 deny ip host 194.134.35.204 any
  access-list 104 deny ip host 204.152.186.189 any
  access-list 104 deny ip host 203.15.51.34 any
  access-list 104 deny ip host 209.209.1.20 any
  access-list 104 deny ip host 209.142.2.10 any
  access-list 104 deny ip host 194.134.64.74 any
  access-list 104 deny ip host 128.193.0.30 any
  access-list 104 deny ip host 128.193.0.130 any




Date: Wed, 30 Mar 2005 16:48:17 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@unspecified-domain>
To: postmaster@unspecified-domain, spamtest@citation.av8.net
Subject: Returned mail: Local configuration error

The original message was received at Wed, 30 Mar 2005 16:44:45 -0500
from goliath.sorbs.net [203.15.51.42]

   ----- The following addresses had permanent fatal errors -----
<@[130.105.12.3]:relays@sorbs.net>

   ----- Transcript of session follows -----
554 <@[130.105.12.3]:relays@sorbs.net>... Local configuration error





-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
home help back first fref pref prev next nref lref last post