BLOCK ON SIGHT
Example of a block-on-sight IP attempting proxy hijacking:
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 Connected
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 >>> 220-mail2.wwbcity.net ESMTP Merak 4.4.2; Fri, 12 Nov 2004 12:36:51 -0400
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 <<< POST / HTTP/1.0
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 >>> 502 5.5.1 Command unrecognized: "POST / HTTP/1.0"
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 <<< Via: 1.0 PROXY
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 >>> 502 5.5.1 Command unrecognized: "Via: 1.0 PROXY"
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 <<< Host: mail2.wwbcity.net:25
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 >>> 421 4.0.0 Too many bad commands from [202.155.36.178]
SYSTEM         [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 Disconnected
Solution: Block a minimum of a Class "C" in Firewall
Recommendation: Block all addresses starting with 202 (202.0.0.0 through 202.255.255.255)
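The log pattern above can be detected automatically. The following is an added example, not part of the original page: it scans a log in the same layout for clients that send an HTTP request line to the SMTP listener and returns the enclosing /24 (the "Class C" minimum) for each. The function names and the benign 192.0.2.10 session are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: client lines from the excerpt above plus a constructed
# benign session (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 Connected
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 <<< POST / HTTP/1.0
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 <<< Via: 1.0 PROXY
202.155.36.178 [000000A2] Fri, 12 Nov 2004 12:36:51 -0400 <<< Host: mail2.wwbcity.net:25
192.0.2.10 [000000A3] Fri, 12 Nov 2004 12:37:02 -0400 <<< EHLO client.example
192.0.2.10 [000000A3] Fri, 12 Nov 2004 12:37:02 -0400 <<< MAIL FROM:<a@client.example>
"""

# "<<<" marks what the client sent; \S* tolerates stray bytes after the IP.
CLIENT_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\S*\s+\[[0-9A-Fa-f]+\]\s.*?\s<<<\s(?P<cmd>.*)$"
)
# An HTTP request line ("VERB target HTTP/x.y") is never a valid SMTP command.
HTTP_REQUEST = re.compile(
    r"^(?:GET|POST|CONNECT|HEAD|PUT|OPTIONS)\s+\S+\s+HTTP/\d\.\d$", re.I
)

def find_http_probes(log_text):
    """Return {client_ip: [HTTP request lines sent to the SMTP port]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLIENT_LINE.match(line)
        if not m or not HTTP_REQUEST.match(m.group("cmd").strip()):
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))  # reject e.g. 999.1.1.1
        except ValueError:
            continue
        hits[ip].append(m.group("cmd").strip())
    return dict(hits)

def block_networks(ips, prefix=24):
    """Map offending IPs to their enclosing networks, de-duplicated and sorted."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return sorted(nets)

if __name__ == "__main__":
    for net in block_networks(find_http_probes(SAMPLE_LOG)):
        print(net)
```

A /24 covers 256 addresses, while the 202.0.0.0 through 202.255.255.255 range covers 16,777,216, so the wider block will also drop legitimate mail from that space.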
We have had to drop the following range of IPs into our firewalls, as it appears that the lack of security provided by the network facilitates many attack attempts from this class of IPs. Companies who allow this type of attack to persist are not areas of the Internet that we choose to have dealings with.
66.232.144.0 - 66.232.147.255
Click here to see who the toothless wonders at the ARIN monopoly allocated the IPs to.
Click here to see if there are other issues listed in Google news groups
Click here to see if there are other issues listed in Google news groups for the company that has this allocation.