Infostrada Spa (net24.it) - massive spam, virus flooding and dictionary attacks abuse from all over their netspace! The count goes on thousands of attempts every day (over 20 thousands just during this half of the month, October 2005)! net24.it: Access denied! [151.3.0.0 - 151.95.255.255], [193.70.192.0 - 193.70.195.255]: Firewalled! === The count of mail sending attempts from net24.it for 01-15 October 2005 === # cat /var/log/maillog |grep net24\.it -c 20893 === Snippets from the Sendmail logs === Oct 1 13:52:30 orca sendmail[20418]: j91BqTmO020418: adsl-27-173.38-151.net24.it [151.38.173.27] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Oct 1 13:52:32 orca sendmail[20422]: j91BqVs4020422: ruleset=check_rcpt, arg1=, relay=adsl-27-173.38-151.net24.it [151.38.173.27], reject=553 5.3.0 ... E-mail from 151.38.173.27 refused using the Spamhaus Block List - see Oct 1 13:52:32 orca sendmail[20422]: j91BqVs4020422: lost input channel from adsl-27-173.38-151.net24.it [151.38.173.27] to MTA after rcpt Oct 1 13:52:32 orca sendmail[20422]: j91BqVs4020422: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-27-173.38-151.net24.it [151.38.173.27] Oct 1 13:52:33 orca sendmail[20424]: j91BqWXU020424: ruleset=check_rcpt, arg1=, relay=adsl-27-173.38-151.net24.it [151.38.173.27], reject=553 5.3.0 ... E-mail from 151.38.173.27 refused using the Spamhaus Block List - see Oct 1 13:52:33 orca sendmail[20420]: j91BqU2x020420: ruleset=check_rcpt, arg1=, relay=adsl-27-173.38-151.net24.it [151.38.173.27], reject=553 5.3.0 ... E-mail from 151.38.173.27 refused using the Spamhaus Block List - see Oct 1 13:52:33 orca sendmail[20424]: j91BqWXU020424: lost input channel from adsl-27-173.38-151.net24.it [151.38.173.27] to MTA after rcpt Oct 1 13:52:33 orca sendmail[20424]: j91BqWXU020424: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-27-173.38-151.net24.it [151.38.173.27] Oct 1 13:52:33 orca sendmail[20420]: j91BqU2x020420: lost input channel from adsl-27-173.38-151.net24.it [151.38.173.27] to MTA after rcpt Oct 1 13:52:33 orca sendmail[20420]: j91BqU2x020420: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-27-173.38-151.net24.it [151.38.173.27] Oct 1 13:52:34 orca sendmail[20426]: j91BqXrc020426: ruleset=check_rcpt, arg1=, relay=adsl-27-173.38-151.net24.it [151.38.173.27], reject=553 5.3.0 ... E-mail from 151.38.173.27 refused using the Spamhaus Block List - see Oct 1 13:52:34 orca sendmail[20428]: j91BqXgS020428: ruleset=check_rcpt, arg1=, relay=adsl-27-173.38-151.net24.it [151.38.173.27], reject=553 5.3.0 ... E-mail from 151.38.173.27 refused using the Spamhaus Block List - see Oct 1 13:52:34 orca sendmail[20426]: j91BqXrc020426: lost input channel from adsl-27-173.38-151.net24.it [151.38.173.27] to MTA after rcpt Oct 1 13:52:34 orca sendmail[20426]: j91BqXrc020426: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-27-173.38-151.net24.it [151.38.173.27] Oct 1 13:52:34 orca sendmail[20428]: j91BqXgS020428: lost input channel from adsl-27-173.38-151.net24.it [151.38.173.27] to MTA after rcpt Oct 1 13:52:34 orca sendmail[20428]: j91BqXgS020428: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-27-173.38-151.net24.it [151.38.173.27] <... dozens of thousands more ...> Oct 15 14:44:08 orca sendmail[25283]: j9FCi41R025283: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:08 orca sendmail[25283]: j9FCi41R025283: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:11 orca sendmail[25285]: j9FCi6Yj025285: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:11 orca sendmail[25285]: j9FCi6Yj025285: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:12 orca sendmail[25288]: j9FCi7AP025288: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:12 orca sendmail[25288]: j9FCi7AP025288: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:12 orca sendmail[25287]: j9FCi7re025287: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:12 orca sendmail[25287]: j9FCi7re025287: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:16 orca sendmail[25291]: j9FCiBaF025291: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:16 orca sendmail[25291]: j9FCiBaF025291: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:19 orca sendmail[25295]: j9FCiDkH025295: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:19 orca sendmail[25295]: j9FCiDkH025295: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:20 orca sendmail[25297]: j9FCiF41025297: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:20 orca sendmail[25297]: j9FCiF41025297: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:20 orca sendmail[25298]: j9FCiFvr025298: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:20 orca sendmail[25298]: j9FCiFvr025298: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:25 orca sendmail[25301]: j9FCiJjd025301: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:25 orca sendmail[25301]: j9FCiJjd025301: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:27 orca sendmail[25303]: j9FCiLhf025303: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:27 orca sendmail[25303]: j9FCiLhf025303: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:35 orca sendmail[25308]: j9FCiTD6025308: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:35 orca sendmail[25308]: j9FCiTD6025308: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:45 orca sendmail[25311]: j9FCidE5025311: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:45 orca sendmail[25311]: j9FCidE5025311: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:49 orca sendmail[25306]: j9FCiRFS025306: from=, size=34984, class=0, nrcpts=1, msgid=<200510151244.j9FCiRFS025306@mail.dolphinwave.org>, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:54 orca sendmail[25314]: j9FCiliU025314: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:54 orca sendmail[25314]: j9FCiliU025314: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:57 orca sendmail[25335]: j9FCirmH025335: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:57 orca sendmail[25335]: j9FCirmH025335: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:44:59 orca sendmail[25341]: j9FCiu7L025341: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:44:59 orca sendmail[25341]: j9FCiu7L025341: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:45:02 orca sendmail[25338]: j9FCis3o025338: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:45:02 orca sendmail[25338]: j9FCis3o025338: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] Oct 15 14:45:08 orca sendmail[25343]: j9FCiv10025343: lost input channel from adsl-ull-51-70.42-151.net24.it [151.42.70.51] to MTA after rcpt Oct 15 14:45:08 orca sendmail[25343]: j9FCiv10025343: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=adsl-ull-51-70.42-151.net24.it [151.42.70.51] === Some data === $ host net24.it net24.it has address 193.70.192.212 net24.it mail is handled by 10 mx1.libero.it. net24.it mail is handled by 10 mx2.libero.it. net24.it mail is handled by 10 mx3.libero.it. net24.it mail is handled by 10 mx4.libero.it. $ jwhois 193.70.192.212 [Querying whois.ripe.net] [whois.ripe.net] <...> inetnum: 193.70.192.0 - 193.70.195.255 netname: WIND-INFRASTRUCTURE-NET-0 descr: Wind Infrastructure country: IT admin-c: IHM1-RIPE tech-c: IHM2-RIPE status: ASSIGNED PA mnt-by: AS1267-MNT mnt-routes: AS1267-MNT source: RIPE # Filtered role: IOL Host Master address: Italia Online S.p.A. address: Via Lorenteggio 257 address: I-20153 Milano address: Italy phone: +39 02 30111 fax-no: +39 02 30114182 e-mail: hostmaster@iol.it admin-c: MP818-RIPE tech-c: IHM1-RIPE tech-c: GB426-RIPE tech-c: CC333-RIPE remarks: Hostmaster IOL Team nic-hdl: IHM2-RIPE mnt-by: AS1267-MNT source: RIPE # Filtered person: IOL Host Master address: Italia Online S.p.A. address: Via Lorenteggio, 257 address: I-20153 Milano address: Italy phone: +39 02 30111 fax-no: +39 02 30114182 e-mail: hostmaster@iol.it nic-hdl: IHM1-RIPE mnt-by: AS1267-MNT source: RIPE # Filtered % Information related to '193.70.0.0/16AS1267' route: 193.70.0.0/16 descr: IT-EUNET-193-76 origin: AS1267 remarks: removed cross-mnt: AS1267-MNT mnt-lower: AS1267-MNT mnt-routes: AS1267-MNT mnt-by: AS1267-MNT source: RIPE # Filtered $ jwhois 151.38.0.0 [Querying whois.ripe.net] [whois.ripe.net] <...> inetnum: 151.38.0.0 - 151.38.255.255 netname: IUNET-BNET38 descr: IUnet descr: Via Lorenteggio 257 descr: Milano, I-20100 country: IT admin-c: IIS1-RIPE tech-c: IIS1-RIPE status: ASSIGNED PA mnt-by: AS1267-MNT mnt-lower: AS1267-MNT mnt-routes: AS1267-MNT source: RIPE # Filtered person: Infostrada Internet Staff address: Infostrada SpA address: Via Lorenteggio 257 address: I-20152 Milano address: Italy phone: +39 02 413311 e-mail: staff@iunet.it nic-hdl: IIS1-RIPE mnt-by: AS1267-MNT source: RIPE # Filtered % Information related to '151.38.0.0/16AS1267' route: 151.38.0.0/16 descr: INFOSTRADA origin: AS1267 remarks: removed cross-mnt: AS1267-MNT mnt-lower: AS1267-MNT mnt-routes: AS1267-MNT mnt-by: AS1267-MNT source: RIPE # Filtered $ jwhois 151.95.0.0 [Querying whois.ripe.net] [whois.ripe.net] <...> inetnum: 151.95.0.0 - 151.95.255.255 remarks: This object has been updated in an automated process to fix references by names on 20030116. For more information, please see http://www.ripe.net/db/refs-by-name-cleanup.html netname: NUOVO-PIGNONE descr: Nuovo Pignone LAN country: IT admin-c: SM2049-RIPE # was 'Silvano Manetti' tech-c: SM2049-RIPE # was 'Silvano Manetti' status: EARLY-REGISTRATION mnt-by: RIPE-NCC-LOCKED-MNT remarks: Maintainer RIPE-NCC-NONE-MNT removed and object remarks: LOCKED by the RIPE NCC due to remarks: deprecation of the NONE authentication scheme. remarks: Please visit the following URL to unlock this object remarks: http://www.ripe.net/db/none-deprecation-042004.html source: RIPE # Filtered role: Silvano Manetti remarks: This object has been created in remarks: an automated process of replacing remarks: all inconsistent references with remarks: valid references. For more information, remarks: please see http://www.ripe.net/db/refs-by-name-cleanup.html remarks: The NIC handle of this object will remarks: replace the reference 'Silvano Manetti'. address: No Address # unknown address phone: +00 00 # unknown phone number e-mail: bit-bucket@ripe.net # unknown e-mail address admin-c: SM158-RIPE admin-c: SM3152-RIPE tech-c: SM158-RIPE tech-c: SM3152-RIPE nic-hdl: SM2049-RIPE source: RIPE # Filtered % Information related to '151.95.0.0/16AS1267' route: 151.95.0.0/16 descr: INFOSTRADA origin: AS1267 remarks: removed cross-mnt: AS1267-MNT mnt-lower: AS1267-MNT mnt-routes: AS1267-MNT mnt-by: AS1267-MNT source: RIPE # Filtered