Thursday, June 24, 2010

Bulletproof Data Center

To all network, firewall & server administrators,

You might want to block the entire class C from 205.209.161.0 to 205.209.161.255. MSG is famous for supporting scam and spam related abusers and we constantly getting unauthorized SMTP requests from these IPs.

Sample SMTP request
[205.209.161.186][2955580] rsp: 220 mail.elohkcalb.com
[205.209.161.186][2955580] connected at 6/14/2010 7:01:35 PM
[205.209.161.186][2955580] cmd: HELO 205.209.161.186
[205.209.161.186][2955580] rsp: 250 mail.elohkcalb.com Hello [205.209.161.186][205.209.161.186][2955580] cmd: MAIL FROM: 88@163.com
[205.209.161.186][2955580] rsp: 250 OK 88@163.com Sender ok
[205.209.161.186][2955580] cmd: RCPT TO: victim@yahoo.com.tw
[205.209.161.186][2955580] rsp: 550 victim@yahoo.com.tw No such user here[205.209.161.186][2955580] disconnected at 6/14/2010 7:01:41 PM

References
http://www.robtex.com/cnet/205.209.161.html
http://www.google.com.sg/search?hl=en&source=hp&q=managed+solutions+group+spam&aq=f&aqi=&aql=&oq=&gs_rfai

No comments:

Post a Comment