From: "Alex Soares de Moura"
Date: Fri, 22 Aug 2003 18:17:38 -0300
Subject: Re: sobig effects - batten down the hatches

Yes, we've applied ACLs to some destinations that it was known it would try to access, and at the programmed time we started to get hits on the ACLs:

deny ip any host 67.73.21.6 log (558 matches)
deny ip any host 68.38.159.161 log (470 matches)
deny ip any host 67.9.241.67 log (593 matches)
deny ip any host 66.131.207.81 log (460 matches)
deny ip any host 65.177.240.194 log (623 matches)
deny ip any host 65.93.81.59 log (441 matches)
deny ip any host 65.95.193.138 log (622 matches)
deny ip any host 65.92.186.145 log (478 matches)
deny ip any host 63.250.82.87 log (644 matches)
deny ip any host 65.92.80.218 log (459 matches)
deny ip any host 61.38.187.59 log (621 matches)
deny ip any host 24.210.182.156 log (498 matches)
deny ip any host 24.202.91.43 log (630 matches)
deny ip any host 24.206.75.137 log (490 matches)
deny ip any host 24.197.143.132 log (664 matches)
deny ip any host 12.158.102.205 log (488 matches)
deny ip any host 24.33.66.38 log (685 matches)
deny ip any host 218.147.164.29 log (475 matches)
deny ip any host 12.232.104.221 log (646 matches)
deny ip any host 68.50.208.96 log (519 matches)

Alex

----- Original Message -----
From: "Rowan Crowe"
Sent: Friday, August 22, 2003 6:11 PM
Subject: sobig effects - batten down the hatches

> Has anyone seen any effects of the "second phase" of sobig? According to
> the article, sobig infected computers should have started downloading and
> executing files en masse around 2 hours ago.
>
> http://www.f-secure.com/news/items/news_2003082200.shtml
>
> If it works it sounds like it's going to be incredibly ugly.
>
> --
> Rowan Crowe - Melbourne, Australia
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
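
Added example, not part of the original message: the match counters above show that hits occurred, and the `log` keyword on each deny entry means the router can also report which inside host sent each denied packet, which is how the infected machines get located. The sketch below tallies such denies per source address; the Cisco IOS-style syslog format, ACL number 150, the port numbers and every address in it are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed syslog shape for a logged ACL deny (Cisco IOS-style); adapt per platform.
DENY_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>\S+) "
    r"(?P<src>\d+(?:\.\d+){3})(?:\(\d+\))? -> "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\(\d+\))?, (?P<count>\d+) packets?"
)

# Constructed destinations standing in for the hosts named in the deny entries.
BLOCKED = {"192.0.2.10", "198.51.100.7"}

# Constructed sample log; none of these lines come from the original message.
SAMPLE_LOG = """\
Aug 22 19:00:03 gw %SEC-6-IPACCESSLOGP: list 150 denied udp 10.1.4.23(1034) -> 192.0.2.10(4000), 1 packet
Aug 22 19:00:09 gw %SEC-6-IPACCESSLOGP: list 150 denied udp 10.1.4.23(1034) -> 198.51.100.7(4000), 1 packet
Aug 22 19:01:40 gw %SEC-6-IPACCESSLOGP: list 150 denied udp 10.1.9.80(1201) -> 192.0.2.10(4000), 1 packet
Aug 22 19:02:00 gw %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.1.7.5(2200) -> 203.0.113.99(25), 1 packet
Aug 22 19:02:30 gw %LINK-3-UPDOWN: Interface Serial0, changed state to up
Aug 22 19:05:11 gw %SEC-6-IPACCESSLOGP: list 150 denied udp 10.1.4.23(1034) -> 192.0.2.10(4000), 4 packets
"""


def hits_by_source(log_text, blocked):
    """Map each source IP to packets denied and distinct blocked hosts tried."""
    hits = defaultdict(lambda: {"packets": 0, "dests": set()})
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m is None or m["dst"] not in blocked:
            continue  # unrelated message, or a deny for some other rule
        entry = hits[m["src"]]
        entry["packets"] += int(m["count"])
        entry["dests"].add(m["dst"])
    return dict(hits)


def ranked(hits):
    """Sources ordered by distinct blocked destinations, then packet count."""
    return sorted(hits, key=lambda s: (-len(hits[s]["dests"]), -hits[s]["packets"], s))


if __name__ == "__main__":
    found = hits_by_source(SAMPLE_LOG, BLOCKED)
    for src in ranked(found):
        print(src, found[src]["packets"], sorted(found[src]["dests"]))
```

A source that appears against several different blocked destinations is a stronger indicator than one with a single hit, which is why the ranking puts distinct destinations ahead of raw packet count.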