Date: Fri, 22 Aug 2003 19:06:51 -0400
From: "Eric L. Howard"
To: freebsd-isp@freebsd.org
Subject: Re: sobig effects - batten down the hatches
Message-ID: <20030822230650.GB2990@outreachnetworks.com>

At a certain time, now past [Aug.23.2003-07:25:47AM +1000], rowan@sensation.net.au spake thusly:
> On Fri, 22 Aug 2003, Alex Soares de Moura wrote:
>
> > Yes, we've applied ACLs to some destinations known it would try
> > to access and in the programmed time, we started to get hits on the
> > ACLs:
> >
> > deny ip any host 67.73.21.6 log (558 matches)
> > deny ip any host 68.38.159.161 log (470 matches)
[....]
>
> Hi Alex:
>
> Where did you get this list of IPs? How long ago did you see the accesses
> start? I've been hunting around google and news sites, but so far I can't
> find any articles that say anything more than "it will happen" ...
>
> Cheers.

http://xforce.iss.net/xforce/alerts/id/151

scroll down to the bottom. The list of IPs hit the NANOG mailing list a
little while ago and a lot of networks have null-routed the IPs already.

~elh

--
Eric L. Howard           e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com                                    313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org                 Advocate of the Theocratic Rule