anti-spam vs network abuse

Paul Vixie vixie at vix.com
Sat Mar 1 16:58:22 UTC 2003 

jlewis at lewis.org writes:

> When I hooked up my first server on the internet back in 1993, I was kind 
> of shocked that some far away stranger was trying to log into my POP3 
> server.  Unwanted connections have been a fact of life on the internet 
> probably since its beginning.  

here's a sample of current SMTP activity in unused parts of ISC's netblocks:

> [211.59.151.211] -> [204.152.191.97] hanmir.com <2247kocci1 at hanmir.com> (136)
> <coscard02 at hanmail.net>
> --
> Message-ID: <90400-22003242705510905 at hanmir.com>
> X-EM-Version: 6, 0, 0, 4
> X-EM-Registration: #0010630410721500AB30
> Reply-To: kocci1 at hanmir.com
> From: "coscard01" <2247kocci1 at hanmir.com>
> To: coscard02 at hanmail.net
> Subject: 204.152.191.97
> Date: Thu, 27 Feb 2003 09:55:10 +0900
> MIME-Version: 1.0
> Content-Type: text/html; charset=KS_C_5601-1987
> Content-Transfer-Encoding: quoted-printable
> 
> [211.59.151.211] -> [204.152.191.98] hanmir.com <2249kocci1 at hanmir.com> (136)
> <coscard02 at hanmail.net>
> --
> Message-ID: <226480-2200324270551115 at hanmir.com>
> X-EM-Version: 6, 0, 0, 4
> X-EM-Registration: #0010630410721500AB30
> Reply-To: kocci1 at hanmir.com
> From: "coscard01" <2249kocci1 at hanmir.com>
> To: coscard02 at hanmail.net
> Subject: 204.152.191.98
> Date: Thu, 27 Feb 2003 09:55:11 +0900
> MIME-Version: 1.0
> Content-Type: text/html; charset=KS_C_5601-1987
> Content-Transfer-Encoding: quoted-printable
> 
> [211.59.151.211] -> [204.152.191.99] hanmir.com <2249kocci1 at hanmir.com> (136)
> <coscard02 at hanmail.net>
> --
> Message-ID: <67290-22003242705511155 at hanmir.com>
> X-EM-Version: 6, 0, 0, 4
> X-EM-Registration: #0010630410721500AB30
> Reply-To: kocci1 at hanmir.com
> From: "coscard01" <2249kocci1 at hanmir.com>
> To: coscard02 at hanmail.net
> Subject: 204.152.191.99
> Date: Thu, 27 Feb 2003 09:55:11 +0900
> MIME-Version: 1.0
> Content-Type: text/html; charset=KS_C_5601-1987
> Content-Transfer-Encoding: quoted-printable

here's the "sort | uniq -c | sort -nr" output from the last two weeks:

> 757266 210.218.176.100
> 126472 210.105.112.100
> 2032 211.59.151.211
> 1261 218.49.187.136
>  780 219.248.155.57
>  508 211.49.94.75
>  508 211.49.94.211
>  508 211.49.94.118
>  508 211.194.117.174
>  506 218.49.187.184
>  378 211.49.94.238
>  252 218.49.187.176
>  221 61.75.215.47
>  214 61.61.28.159
>  118 61.254.207.114
>    6 62.79.90.71
>    4 217.226.92.40
>    3 80.130.52.180
>    3 217.226.91.5
>    2 80.130.54.82
>    2 217.226.91.68
>    2 217.226.82.168
>    1 62.79.110.122
>    1 217.226.85.181
>    1 217.226.83.80

i don't think this is, ever was, or will be allowed to be, a fact of my life.
-- 
Paul Vixie

More information about the NANOG mailing list