TSTT Forum: spam zombie on tstt network 209.94.207.181 - TSTT Forum

Jump to content

Page 1 of 1

spam zombie on tstt network 209.94.207.181

#1 User is offline   imdeo Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 1
  • Joined: 11-August 05

Posted 11 August 2005 - 01:38 PM

the machine is now a complete nuisance

here is the trace from sprint down


sl-telec1-2-0.sprintlink.net (160.81.138.254)
routg.tstt.net.tt (209.94.205.8)
196.3.133.166 (196.3.133.166)
209.94.207.180 (209.94.207.180)

it got taken over a month ago, and is probably well known in the
spammer community now, because the spewage from it is increasing.
if u know a sys admin or someone in there - please let them know

thanks
0

#2 User is offline   Razzzhead Icon

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 79
  • Joined: 10-August 05
  • Location:Prospect, Tobago

Posted 11 August 2005 - 03:06 PM

Seems to be offline though. How did you monitor it?
0

#3 Guest_watcher_*

  • Group: Guests

Posted 11 August 2005 - 05:36 PM

that looks like some business with a lease line :huh: If they were spitting out spam, you would see the source ip (209.94.207.180) in your mail headers on a daily basis.
0

#4 Guest_Guest_*

  • Group: Guests

Posted 12 August 2005 - 06:15 PM

Razzzhead, on Aug 11 2005, 03:06 PM, said:

Seems to be offline though. How did you monitor it?

i see the smtp in my logs
<36>Aug 12 12:49:48 tcpwrap[13066]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 12:55:20 tcpwrap[14002]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 12:55:25 tcpwrap[14012]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 12:55:28 tcpwrap[14018]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 12:55:33 tcpwrap[14029]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 13:00:07 tcpwrap[14866]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 13:00:17 tcpwrap[14875]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 13:00:21 tcpwrap[14885]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 13:00:22 tcpwrap[14893]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 14:48:46 tcpwrap[30952]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 14:48:47 tcpwrap[30958]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 14:48:51 tcpwrap[30971]:refused connection from 209.94.207.181, service smtp (tcp)
<36>Aug 12 14:48:53 tcpwrap[30974]:refused connection from 209.94.207.181, service smtp (tcp)

of course
i have it blocked
it seems that it comes online intermittenly and the spammer code takes advantage
0
Page 1 of 1

Fast Reply

  

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users