On Mon, 16 Nov 1998, TTSG wrote:
My big carrot stick (I'm a veggie, so I don't eat beef) is that if the person was connected to the box (And it wasn't just a script running) we could have done more tracing.
If they weren't, we could atleast try to find out how/what they were doing and see if there is a new advisory that should be published.
Now we have to deal with AFTER the fact, instead of IN-PROGRESS.
Tuc/TTSG
Who knows if they actually maintained a connection to the box, but from my view it would have had to have been an totally automated (or nearly so) setup. Given the volume of the attempts and the number of sites hit. Domains selected for the hit would appear to be automated as well, perhaps on somthing like domains with a user on this list. This is about the only quality my systems share with most of those in here. (Small Alaskan ISP with fewer customers than some of you have employees, and even my primary DNS got hit (though not MX))