LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author]

  From: Neil Ridley <n.ridley@SACBH.com.au>
  To  : 'linuxsa@linuxsa.org.au' <linuxsa@linuxsa.org.au>
  Date: Wed, 31 Mar 1999 12:31:21 +0930

FW: Returned mail: User unknown

>Here are the details on who's server the attack came from for interest sake!
>They have stopped now but I wonder what they where trying to achieve..	
>
>Here are the logs of traffic:
> Source		  Destination			 Packets	  Bytes
> 192.153.50.88    192.207.119.6                   48               10992
> 192.153.50.77    192.207.119.6                   55                2420
> 192.153.50.18    192.207.119.6                  129                9804
> 192.153.50.28    192.207.119.6                  456              100488
> 192.153.50.48    192.207.119.6                   55               13420
> 192.153.50.38    192.207.119.6                  220               17160
> 192.153.50.46    192.207.119.6                   55               12595
> 192.153.50.43    192.207.119.6                   54               13392
> 192.153.50.88    192.207.119.6                   48               10992
> 192.153.50.77    192.207.119.6                   55                2420
> 192.153.50.18    192.207.119.6                  169               12844
> 192.153.50.28    192.207.119.6                  631              138845
> 192.153.50.53    192.207.119.6                    4                 964
> 192.153.50.48    192.207.119.6                   55               13420
> 192.153.50.38    192.207.119.6                  220               17160
> 192.153.50.46    192.207.119.6                   55               12595
> 192.153.50.43    192.207.119.6                   54               13392
> 192.153.50.88    192.207.119.6                   48               10992
> 192.153.50.77    192.207.119.6                   55                2420
>
>The admin contacts for the source addresses are below:
>
>$ whois -h whois.arin.net 192.153.50.0
>Sherpa Corp (NET-NET-SHERPA2)
>   611 River Oaks Prky
>   San Jose, CA 95134
>
>   Netname: NET-SHERPA2
>   Netnumber: 192.153.50.0
>
>   Coordinator:
>      Handa, Vivek  (VH53-ARIN)  VIVEKH@SHERPA.COM
>      (408) 433-0455
>
>   Domain System inverse mapping provided by:
>
>   SHERPA.COM                   192.153.50.93
>
>   Record last updated on 16-Mar-94.
>   Database last updated on 30-Mar-99 16:13:19 EDT.
>
>The ARIN Registration Services Host contains ONLY Internet
>Network Information: Networks, ASN's, and related POC's.
>Please use the whois server at rs.internic.net for DOMAIN related
>Information and nic.mil for NIPRNET Information.
>
>
>
>
><<File: ATT00486.att>><<Message: **SEXY SWEET YOUNG JAPAN...>>
>
>      Just wondering, if some one knows what this or how I would go
>about stopping this it is a flooding attempt on our 	firewall at
>current.
>
>I'm sorry if this is off topic! I just need some help. 
>
>>----------
>>From: 	Mail Delivery Subsystem[SMTP:MAILER-DAEMON@aol.com]
>>Sent: 	Wednesday, 31 March 1999 10:25
>>To: 	mcii@sacbh.com.au
>>Subject: 	Returned mail: User unknown
>>
>>  
>>The original message was received at Tue, 30 Mar 1999 19:54:44 -0500 (EST)
>>from [210.8.38.2]
>>
>>
>>*** ATTENTION ***
>>
>>Your e-mail is being returned to you because there was a problem with its
>>delivery.  The AOL address which was undeliverable is listed in the section
>>labeled: "----- The following addresses had permanent fatal errors -----".
>>
>>The reason your mail is being returned to you is listed in the section
>>labeled: "----- Transcript of Session Follows -----".
>>
>>The line beginning with "<<<" describes the specific reason your e-mail
>>could
>>not be delivered.  The next line contains a second error message which is a
>>general translation for other e-mail servers.
>>
>>Please direct further questions regarding this message to your e-mail
>>administrator.
>>
>>--AOL Postmaster
>>
>>
>>
>>   ----- The following addresses had permanent fatal errors -----
>><algore000@aol.com>
>><alla111@aol.com>
>><abidjim@aol.com>
>><a1987s1@aol.com>
>><ajfcats@aol.com>
>><aknidlberg@aol.com>
>><algore2k@aol.com>
>><aknidmyle@aol.com>
>>
>>   ----- Transcript of session follows -----
>>... while talking to air-yb04.mail.aol.com.:
>>>>> RCPT To:<aknidmyle@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <aknidmyle@aol.com>... User unknown
>>>>> RCPT To:<algore2k@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <algore2k@aol.com>... User unknown
>>>>> RCPT To:<aknidlberg@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <aknidlberg@aol.com>... User unknown
>>>>> RCPT To:<ajfcats@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <ajfcats@aol.com>... User unknown
>>>>> RCPT To:<a1987s1@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <a1987s1@aol.com>... User unknown
>>>>> RCPT To:<abidjim@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <abidjim@aol.com>... User unknown
>>>>> RCPT To:<alla111@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <alla111@aol.com>... User unknown
>>>>> RCPT To:<algore000@aol.com>
>><<< 550 MAILBOX NOT FOUND
>>550 <algore000@aol.com>... User unknown
>>
>>
>
>
>

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author]

Return to the LinuxSA Mailing List Information Page