nanog mailing list archives

Re: Port 139 scans

From: Dan Hollis <goemon () sasami anime net>
Date: Wed, 27 Sep 2000 11:58:26 -0700 (PDT)


On Wed, 27 Sep 2000, Jason Slagle wrote:

On a somewhat related note, since we obviously have AOL people living and
they now own ICQ.  irc.icq.com has been used for weeks for these kiddies
to store various ddos clients on.  Take a look at #0wned.  All compromised
machines.  There are no live opers to deal with it, and emails to
ircsupport () icq com go unanswered.
Is there any way we can deal with things like this?


Route irc.icq.com to null0. If enough networks do this (or better, if
tier1's do), maybe icq will get their head out of their ass and do
something about it.

-Dan

Current thread:

Re: Disabling QAZ (was Re: Port 139 scans), (continued)
- - - Re: Disabling QAZ (was Re: Port 139 scans) John Fraizer (Sep 29)
    - Re: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
    - Re: Disabling QAZ (was Re: Port 139 scans) Mike Lewinski (Sep 29)
    - Re: Disabling QAZ (was Re: Port 139 scans) Jason Slagle (Sep 30)
    - Re: Disabling QAZ (was Re: Port 139 scans) Travis Pugh (Sep 30)
    - Re: Disabling QAZ (was Re: Port 139 scans) Jason Slagle (Sep 30)
    - Re: Disabling QAZ (was Re: Port 139 scans) John Fraizer (Sep 29)
    - Re: Disabling QAZ (was Re: Port 139 scans) Mike Lewinski (Sep 29)
    - Message not available
    - Re: Port 139 scans Ben Browning (Sep 27)
    - Re: Port 139 scans Jason Slagle (Sep 27)
    - Re: Port 139 scans Dan Hollis (Sep 27)
    - Re: Port 139 scans Kai Schlichting (Sep 27)
    - Re: Port 139 scans Jared Mauch (Sep 27)