Thu Feb 15 17:45:52 UTC 2007
If you run a public DCC server and missives like the enclosed to your upstream providers might cause questions or concerns, you might want to firewall 22.214.171.124/29.

Because of similar complaints months ago sent upstream of several of the public DCC servers, I added 126.96.36.199/29 to the blacklist used by the public DCC servers and visible at http://www.dcc-servers.net/dcc/client-blacklist.html

I think those complaints concerned the DCC/UDP/IP responses to this person's DCC requests. Those complaints were equivalent to the ever popular cry that "Your UDP port 53 is hacking my system!" sent to DNS server operators. The Public DCC server blacklist entry stopped most of those complaints, because they cause the public DCC servers to ignore packets from this person's DCC clients.

I think these new complaints result from ICMP Port Unreachable messages sent by public DCC servers when the server process is not listening, such as when it is turned off for some reason.

Vernon Schryver firstname.lastname@example.org

P.S. Yes, some public DCC server operators contacted this person directly when he first started sending his complaints.

> From email@example.com Sat Feb 10 02:17:46 2007
> Received: from fgb-mail.fgb.ae (fgb-mail.fgb.ae [188.8.131.52])
>     by calcite.rhyolite.com (8.14.0/8.14.0) with ESMTP id l1A9HdNu085211
>     for <firstname.lastname@example.org> env-from <email@example.com>;
>     Sat, 10 Feb 2007 02:17:42 -0700 (MST)
> Content-class: urn:content-classes:message
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="----_=_NextPart_001_01C74CF4.535C26F3"
> X-MimeOLE: Produced By Microsoft Exchange V6.5
> Subject: External Incidence Reporting - Incident No - 200702/0127
> Date: Sat, 10 Feb 2007 13:17:44 +0400
> Message-ID: <021FA82E86D339458F0D85C3A47AB13E74623B@homail1.fgb.ae>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: External Incidence Reporting - Incident No - 200702/0127
> Thread-Index: AcdM9FKibe5n7u5EScighX8jse4wxA==
> From: "Incidence" <firstname.lastname@example.org>
> Sender: "Naveed Pasha" <email@example.com>
> To: <firstname.lastname@example.org>
> Received-SPF: none
> This is a multi-part message in MIME format.
>
> ------_=_NextPart_001_01C74CF4.535C26F3
> Content-Type: text/plain;
>     charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> External Incidence reporting
>
> =20
>
> Date of reporting - 10 February 2007
>
> Incident No - 200702/0127
>
> Domain Name - fgb.ae
>
> =20
>
> Attacker's ip Address: 184.108.40.206
>
> =20
>
> ISP e-mail address: email@example.com
>
> =20
>
> Country: USA
>
> =20
>
> Log details
>
>
> Excessive amount of TCP / UDP / ICMP scans were detected from mentioned
> IP.
>
> =20
>
> We observed in our system log that the above mentioned ip address had
> tried to make unauthorized access attempt to the web-server. We hereby
> bring to your notice the unauthorized activity of the user. Request you
> to provide information of the user to the bank, so that action could be
> initiated against user as per law of UAE or any other countries
> applicable laws. Further we request you to black list the user for the
> above activities. Bank reserve its rights to initiate action against
> all parties to this incident directly or indirectly.
>
> =20
>
> Any early action in this matter would be highly appreciated.
>
> =20
>
> =20
>
> Signature
>
> Chief Information Security Officer=20
>
> =20
>
> =20
>
>
>
> DISCLAIMER: The information contained in this mail is for the
> intended addressee only. If you have received this mail by
> mistake, please note that any disclosure, copying, distribution
> or taking action in reliance of the contents of this information
> is strictly prohibited and may be unlawful. Please delete the
> message and all the copies from your system and notify the sender
> immediately at firstname.lastname@example.org. This mail has been scanned
> for virus. However for safety purposes, it is recommended that
> the attachment may be scanned for virus before launching. Any
> opinions expressed, implied or presented are solely those of the
> author and do not necessarily represent those of First Gulf Bank.
> ------_=_NextPart_001_01C74CF4.535C26F3
> Content-Type: text/html;
>     charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
> xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
> xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
> xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
> ...
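
An added example, not part of the original message or of the DCC software: a triage sketch that separates inbound UDP replies and ICMP Port Unreachable messages answering a site's own outbound DCC requests from genuinely unsolicited traffic, the distinction the message above draws. The log format, the 30-second window and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
import re

WINDOW = 30  # assumed: seconds an outbound request keeps its flow "open"

# Constructed sample firewall log; 6277/udp is the DCC port.
SAMPLE_LOG = """\
100 OUT UDP 192.0.2.10:40001 198.51.100.5:6277
101 IN UDP 198.51.100.5:6277 192.0.2.10:40001
200 OUT UDP 192.0.2.10:40002 198.51.100.6:6277
201 IN ICMP 198.51.100.6 192.0.2.10 type=3 code=3 quoted=192.0.2.10:40002>198.51.100.6:6277
300 IN UDP 203.0.113.9:6277 192.0.2.10:40003
400 IN UDP 198.51.100.5:6277 192.0.2.10:40001
"""

UDP = re.compile(r"(\d+) (IN|OUT) UDP (\S+):(\d+) (\S+):(\d+)$")
ICMP = re.compile(
    r"(\d+) IN ICMP (\S+) (\S+) type=3 code=3 quoted=(\S+):(\d+)>(\S+):(\d+)$")

def classify(log, window=WINDOW):
    """Return (timestamp, verdict) for every inbound line of the log."""
    sent = {}      # (local, lport, remote, rport) -> time of last outbound request
    verdicts = []
    for line in log.splitlines():
        if m := UDP.match(line):
            ts, direction, src, sport, dst, dport = m.groups()
            ts = int(ts)
            if direction == "OUT":
                sent[(src, sport, dst, dport)] = ts
                continue
            # An inbound reply mirrors the request's address/port pairs.
            flow, kind = (dst, dport, src, sport), "reply"
        elif m := ICMP.match(line):
            ts, src, _dst, qsrc, qsport, qdst, qdport = m.groups()
            ts = int(ts)
            # Port Unreachable quotes the packet that triggered it and must
            # come from the host that packet was addressed to.
            flow = (qsrc, qsport, qdst, qdport) if src == qdst else None
            kind = "port-unreachable"
        else:
            continue
        asked = sent.get(flow)
        ok = asked is not None and 0 <= ts - asked <= window
        verdicts.append((ts, f"solicited {kind}" if ok else "unsolicited"))
    return verdicts

if __name__ == "__main__":
    for ts, verdict in classify(SAMPLE_LOG):
        print(ts, verdict)
```

Only the entries marked unsolicited merit a closer look before anything is reported upstream; the solicited ones were caused by the site's own DCC clients.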