Re: sobig effects - batten down the hatches

From: Alex Soares de Moura (alex_at_rnp.br)
Date: 08/22/03

  • Next message: Rowan Crowe: "Re: sobig effects - batten down the hatches"
    To: <freebsd-isp@freebsd.org>
    Date: Fri, 22 Aug 2003 18:17:38 -0300
    
    

    Yes, we've applied ACLs to some destinations it was known it would
    try to access, and at the programmed time we started to get hits on
    the ACLs:

        deny ip any host 67.73.21.6 log (558 matches)
        deny ip any host 68.38.159.161 log (470 matches)
        deny ip any host 67.9.241.67 log (593 matches)
        deny ip any host 66.131.207.81 log (460 matches)
        deny ip any host 65.177.240.194 log (623 matches)
        deny ip any host 65.93.81.59 log (441 matches)
        deny ip any host 65.95.193.138 log (622 matches)
        deny ip any host 65.92.186.145 log (478 matches)
        deny ip any host 63.250.82.87 log (644 matches)
        deny ip any host 65.92.80.218 log (459 matches)
        deny ip any host 61.38.187.59 log (621 matches)
        deny ip any host 24.210.182.156 log (498 matches)
        deny ip any host 24.202.91.43 log (630 matches)
        deny ip any host 24.206.75.137 log (490 matches)
        deny ip any host 24.197.143.132 log (664 matches)
        deny ip any host 12.158.102.205 log (488 matches)
        deny ip any host 24.33.66.38 log (685 matches)
        deny ip any host 218.147.164.29 log (475 matches)
        deny ip any host 12.232.104.221 log (646 matches)
        deny ip any host 68.50.208.96 log (519 matches)

    Alex

    ----- Original Message -----
    From: "Rowan Crowe" <rowan@sensation.net.au>
    To: <freebsd-isp@freebsd.org>
    Sent: Friday, August 22, 2003 6:11 PM
    Subject: sobig effects - batten down the hatches

    > Has anyone seen any effects of the "second phase" of sobig? According to
    > the article, sobig infected computers should have started downloading and
    > executing files en masse around 2 hours ago.
    >
    > http://www.f-secure.com/news/items/news_2003082200.shtml
    >
    > If it works it sounds like it's going to be incredibly ugly.
    >
    >
    > --
    > Rowan Crowe - Melbourne, Australia
    >
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    >

