Date: Mon, 25 May 1998 14:30:32 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: Karl Pielorz <kpielorz@tdx.co.uk> Cc: isp@FreeBSD.ORG Subject: Re: SMTP Relay probing - Should I follow up - advice? Message-ID: <Pine.SUN.3.96.980525135111.5127J-100000@roble.com> In-Reply-To: <199805251511.IAA02882@hub.freebsd.org>
index | next in thread | previous in thread | raw e-mail
On Mon, 25 May 1998, Jonathan M. Bresler wrote: > why dont you tell su where the scans came from > we can all block connects from that range of ip addresses, > if it proves to be a spammers dedicated ip address range We see these from time to time too. The most you can do without risk of over-reacting is follow-up with a note to the upstream provider. Typically they'll have an "abuse" account i.e., abuse@mci.net specifically for this. If that doesn't stop the probing then it's only due diligence to add them to your filters, either within sendmail 8.85+ or at the router (you DO have both don't you?). Here are a few worthy of note: 141.63.64.94 phf hacker, scanner 199.203.214 Elron Technologies (NETBLK-ELRON-C-BLK1) 202.217.200 INTELLIGENT TELECOM INC, ad.jp 204.157.255 Harris Marketing (NETBLK-SAVOYNET-BLK-204-157), AGIS/Net99 205.231.112 UUNET Technologies, Inc. (NETBLK-UUNETCBLK228) 205.240.148 Phoenix Data Systems (NETBLK-SPRINT-CDF097) 206.50.195 DMPL Infomart - Dallas (NETBLK-ONRAMP-DMPL) ONRAMP-DMPL 207.14.174.51 Globalkey, Inc. (NETBLK-SPRINT-CF0EAF) 208.199.92.16 Publicity Providers, Inc. (NETBLK-UU-208-199-92) Roger Marquis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the messagehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.980525135111.5127J-100000>