Re: Disabling QAZ (was Re: Port 139 scans)
29 Sep
2000
29 Sep
'00
4:12 p.m.
On Fri, 29 Sep 2000, Mike Lewinski wrote:
the e-mail or not. I believe that this SMTP isn't actually responsible for _any_ legitimate mail, a check on MX records for yeah.net shows that it's not listed there. Perhaps the attackers have modified the MTA itself now to hide their tracks, making it look like that address has been disabled (the virus doesn't know this, and will keep trying to send at every reboot, btw).
How about asking the tier1's to null0 route that chinese MTA? We are blocking 139/tcp and 7597/tcp on our borders. -Dan
8851
Age (days ago)
8851
Last active (days ago)
0 comments
1 participants
participants (1)
-
Dan Hollis