The bulk of the 218.0.0.0 Class A range is allocated to provincial entities in the PRC. The other big source of addresses I have seen is the 61.0.0.0 subnet, which is spread between India and the PRC; again, in the PRC it seems to be allocated to provincial entities.

The 61.11 range in India has been very active trying to fish passwords, but strangely whoever is doing it is coming from right across the whole A range.

Snip of repeated ORF event below:

NOTIFICATION - Open Relay Filter Enterprise Edition
===================================================================
The following event has occurred:
Class : Block
Severity : Info
Source : SMTPSVC-1
Related IP : 61.11.47.52
Text description:
=================
Blocked. Recipient address (user3(a)989888.com) is not listed in the Active Directory. Sender: test(a)yahoo.com.
SMTP response:

End snip.

This particular event just won't stop.

Geoff Williams

-----Original Message-----
From: Joe Abley [mailto:jabley(a)isc.org]
Sent: Tuesday, 28 October 2003 12:41 PM
To: Geoff Williams
Cc: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] New and unacknowledged Exchange / Win2k SMTP vulnerability?

On 27 Oct 2003, at 17:25, Geoff Williams wrote:
I had originally blocked 2 Class A IP ranges at our router after watching the traffic and finding that they were allocated to a provider in China.
Which class A networks do you think are allocated to a provider in China?