Date: Fri, 22 Aug 2003 18:17:38 -0300
From: "Alex Soares de Moura" <alex@rnp.br>
To: <freebsd-isp@freebsd.org>
Subject: Re: sobig effects - batten down the hatches
Message-ID: <047a01c368f2$d0a933f0$0d3f11c8@ncrj.rnp.br>
References: <Pine.BSF.4.21.0308230708110.35459-100000@satin.sensation.net.au>

Yes, we've applied ACLs to some destinations it was known to try to
access, and at the programmed time we started to get hits on the ACLs:

    deny ip any host 67.73.21.6 log (558 matches)
    deny ip any host 68.38.159.161 log (470 matches)
    deny ip any host 67.9.241.67 log (593 matches)
    deny ip any host 66.131.207.81 log (460 matches)
    deny ip any host 65.177.240.194 log (623 matches)
    deny ip any host 65.93.81.59 log (441 matches)
    deny ip any host 65.95.193.138 log (622 matches)
    deny ip any host 65.92.186.145 log (478 matches)
    deny ip any host 63.250.82.87 log (644 matches)
    deny ip any host 65.92.80.218 log (459 matches)
    deny ip any host 61.38.187.59 log (621 matches)
    deny ip any host 24.210.182.156 log (498 matches)
    deny ip any host 24.202.91.43 log (630 matches)
    deny ip any host 24.206.75.137 log (490 matches)
    deny ip any host 24.197.143.132 log (664 matches)
    deny ip any host 12.158.102.205 log (488 matches)
    deny ip any host 24.33.66.38 log (685 matches)
    deny ip any host 218.147.164.29 log (475 matches)
    deny ip any host 12.232.104.221 log (646 matches)
    deny ip any host 68.50.208.96 log (519 matches)

Alex

----- Original Message -----
From: "Rowan Crowe" <rowan@sensation.net.au>
To: <freebsd-isp@freebsd.org>
Sent: Friday, August 22, 2003 6:11 PM
Subject: sobig effects - batten down the hatches

> Has anyone seen any effects of the "second phase" of sobig? According to
> the article, sobig infected computers should have started downloading and
> executing files en masse around 2 hours ago.
>
> http://www.f-secure.com/news/items/news_2003082200.shtml
>
> If it works it sounds like it's going to be incredibly ugly.
>
>
> --
> Rowan Crowe - Melbourne, Australia
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>