When bots attack

We must be famous. We are being distributed bot-attacked by someone/thing. They are trying to knock over our mail system.

Some of the bad IPs are here: 67.90.119.98, 195.50.165.22, and 12.154.55.44. Lots of others. For laughs:

whois 12.154.55.44
[Querying whois.arin.net]
[whois.arin.net]
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
                                  12.0.0.0 - 12.255.255.255
ATT MIS IP-WCS OPERATIONS CTRS ATT-MIS-44-55 (NET-12-154-55-0-1)
                                  12.154.55.0 - 12.154.55.255

# ARIN WHOIS database, last updated 2007-01-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

I even dug (literally) deeper, but I won’t cut and paste that here. I leave that as an exercise to the gentle reader.

A quick nmap of one the machines shows it to be likely to be a poorly configured linux box. Another one seems to be a locked down linux box. Probably used as a router.

Sure, the IPs could have been spoofed.

What a wonderful place the internet is becoming ….

Viewed 5906 times by 1064 viewers

Facebooktwittergoogle_plusredditpinterestlinkedinmail