We must be famous. We are being distributed bot-attacked by someone/thing. They are trying to knock over our mail system.
Some of the bad IPs are here: 126.96.36.199, 188.8.131.52, and 184.108.40.206. Lots of others. For laughs:
whois 220.127.116.11 [Querying whois.arin.net] [whois.arin.net] AT&T WorldNet Services ATT (NET-12-0-0-0-1) 18.104.22.168 - 22.214.171.124 ATT MIS IP-WCS OPERATIONS CTRS ATT-MIS-44-55 (NET-12-154-55-0-1) 126.96.36.199 - 188.8.131.52 # ARIN WHOIS database, last updated 2007-01-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database.
I even dug (literally) deeper, but I won’t cut and paste that here. I leave that as an exercise to the gentle reader.
A quick nmap of one the machines shows it to be likely to be a poorly configured linux box. Another one seems to be a locked down linux box. Probably used as a router.
Sure, the IPs could have been spoofed.
What a wonderful place the internet is becoming ….
Viewed 7605 times by 1435 viewers