nanog mailing list archives

Re: Disabling QAZ (was Re: Port 139 scans)


From: Dan Hollis <goemon () sasami anime net>
Date: Fri, 29 Sep 2000 13:12:45 -0700 (PDT)


On Fri, 29 Sep 2000, Mike Lewinski wrote:
> the e-mail or not. I believe that this SMTP isn't actually responsible for
> _any_ legitimate mail, a check on MX records for yeah.net shows that it's
> not listed there. Perhaps the attackers have modified the MTA itself now to
> hide their tracks, making it look like that address has been disabled (the
> virus doesn't know this, and will keep trying to send at every reboot, btw).

How about asking the tier1's to null0 route that Chinese MTA?

We are blocking 139/tcp and 7597/tcp on our borders.

-Dan



