On Fri, 27 Aug 2010, Bryant Zimmerman wrote:
> Hey all
>
> We are seeing intrusion attempts coming from address 201.47.236.122
> today They were hitting our switches trying to get in. So we blocked
> them at our firewall.
>
> Just wanted to put the word out so you all can protect your self.
You must be new here...
This sort of thing has been going on for months - years. Read the
archives )-:
Right now, I have a telco in Romania deliberately trying to hack into
several of my client sites - they must have bandwidth to spare, as even
with firewalling, they're still going strong.
At least, I'm assuming it's a telco - it's definitely a
telephone/ISPs
company's computer that is the source and it doesn't look like a generic
server/cloud type VPS thing either. It seems to be owned by "iLink
Telecom" whoever they are - so I'm assuming this is a dodgy eastern
European telco trying to steal free calls from the rest of the world.
The sad thing is that they're running the old, fucked-up version of
sipvicious - the one that keeps on trying, even when it's firewalled out.
It's been going on to several of my sites for over 3 days now - it peaked
on one site at 1.5Mb/sec, but it's averaging 400-500Kbps to each site
right now.
The site is 85.120.71.160 which maps to terminators.micos.ro. Hm. just
noticed this morning that there are at least 2 separate attacks to one
particular host of mine. Ah well. All their succeeding in doing is wasting
their own bandwidth. Hope they have to pay for it.
Gordon