Hi,
my 3 servers in my personal serverfarm are all listed in the ch.pool.ntp.org
zone. As I think there are also other SwiNOG people running ntpd's for that
project. For about 36 hours my firewall log is growing and growing, looks like a
distributed attack from a botnet. Has anyone the same problem?
Any idea what could be done? I mean - it's not really disturbing yet, but
strange.
Here the log analysis from one of the machines:
http://aphrodite.uid0.ch/fwanalog/today.html
Thank you for your comments...
Regards,
--
.''`. Mario Iseli <mario(a)debian.org>
: :' : Debian GNU/Linux developer
`. `'`
`- Debian - when you have better things to do than fixing a system
> No-one is likely to use uceprotect level3 to block emails, but they
> might very well use it for scoring.
>
>
> /Per Jessen, Herrliberg
every AS with residential broadband users in it will get easily into that list, so what's the value of it?
All,
I've got a guy working from home in his house in France, not far from
Basel. I think he has an ADSL line with wanadoo.fr. He's connected to
our exchange over VoIP using SIP.
Last week the line quality was perfectly fine, but starting yesterday
it's been terrible. I looked at a traceroute, and it appears that his
connection from wanadoo.fr to our line (easynet) is routed via UK, New
York, London and Frankfurt, which produces awful delays.
For the moment, I've asked easynet support to help, but I was just
wondering what you guys would do with a case like this?
/Per Jessen, Herrliberg
--
http://www.spamchek.com/ - your spam is our business.
Hi there
We have some Problems with the UCEProtect.net blacklist.
He lists some Subnets and AS who dosnt send Spam from us Customers...
e.g. the AS6730 (Sunrise) a lot of us costumers using this Provider have
Problem on E-Mail Services.
But really Spammers are not listed :D
Maybe the Blacklists add some subnets of Big Companys, cause for
delisting you need to pay some money...
dnsstuff.com uses this blacklist in the lookup tool
i dont know how many providers using this list.
Anyone there know more about this Blacklist?
The Service is Provided by admins.ws
and for the fun try www.admins.ws/../../etc/passwd
Marco
--
For list-off Contact use: silicium (-at-) natural-geek.org
PGP: 49F8 C29E 4F4E E438 BD69 0BCE D1DA 4B0C 7C32 C715
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d-- s-:- a-- C++ UL+++ P-- L+++ E--- W++ N+ o K- w--
O-- M V- PS+++ PE++ Y+ PGP++ t 5 X++ R tv- b+ DI-- D+
G++ e+ h++ r y+
------END GEEK CODE BLOCK------
rustine:/etc/smokeping# traceroute 62.202.14.193
traceroute to 62.202.14.193 (62.202.14.193), 30 hops max, 40 byte packets
1 fa0-0.rt1.plo1.dfinet.net (195.70.0.65) 1.500 ms 0.675 ms 0.875 ms
2 fa0-6.sw-bb2.cc.dfinet.net (195.70.11.1) 1.093 ms 1.556 ms 0.847 ms
3 gi0-1.rt-b1.cc.dfinet.net (195.70.0.3) 1.117 ms 1.020 ms 0.847 ms
4 POS8-1-0.GW2.GVA2.ALTER.NET (146.188.70.101) 2.361 ms 1.036 ms 1.503 ms
5 GigabitEthernet3-0.CR3.GVA2.ALTER.NET (146.188.6.5) 0.998 ms 2.059 ms 0.921 ms
6 so-2-2-0.XR1.ZUR4.ALTER.NET (146.188.2.85) 5.754 ms 4.690 ms 5.358 ms
7 so-2-0-0.TL2.ZUR3.ALTER.NET (146.188.3.97) 5.090 ms 4.691 ms 4.775 ms
8 so-4-0-0.IR1.NYC12.ALTER.NET (146.188.3.201) 91.318 ms 91.107 ms 91.291 ms
9 0.so-0-2-0.IL3.NYC9.ALTER.NET (152.63.23.57) 91.972 ms 92.164 ms 92.144 ms
10 0.so-7-0-0.XL3.NYC4.ALTER.NET (152.63.10.21) 91.724 ms 91.529 ms 91.444 ms
11 510.ATM6-0.IG4.NYC4.ALTER.NET (152.63.20.57) 91.472 ms 91.618 ms 91.574 ms
12 swisscom-oc3-gw.customer.alter.net (157.130.219.226) 95.619 ms 95.028 ms 94.691 ms
13 i79zhb-005-pos4-0.bb.ip-plus.net (138.187.159.5) 221.616 ms 209.767 ms 216.794 ms
14 tge3-3.bwrt1inb.bluewin.ch (195.186.0.113) 98.431 ms 98.851 ms 98.780 ms
15 if98.ip-plus.bluewin.ch (195.186.0.98) 98.910 ms 98.789 ms 99.633 ms
16 ge0-1.bwrtrip1zhb.bluewin.ch (195.186.120.178) 98.896 ms 98.716 ms 98.524 ms
17 ge0-2.bwrtrip1zhh.bluewin.ch (195.186.55.226) 98.790 ms 98.805 ms 99.091 ms
18 ge0-2.bwadf2zhh.bluewin.ch (195.186.122.131) 99.276 ms 100.072 ms 99.006 ms
19 193.14.202.62.fix.bluewin.ch (62.202.14.193) 111.280 ms 112.007 ms 111.729 ms
20 * * *
behave yourself, boys!
--
Philippe Strauss
av. de Beaulieu 25
1004 Lausanne
http://philou.ch