<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Meddelande</TITLE>
<META content="MSHTML 6.00.2800.1226" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=015232010-02092003>Unless
they are using a NAT firewall then you might block their smtp-server as
well..... but not likely any got that kind of config.... just a
thought</SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=sv dir=ltr align=left> </DIV>Does
anybody actively build lists of IP's sending out SoBig? We are currently
analysing our logs hourly and then taking the top 10 offenders and putting
them in an Exim blocking list, in the hope that it will take **some** load off
our servers.<BR><BR>My thought's are along the same lines of Antony's.
i.e Sobig uses it's own SMTP engine so we shouldn't be seeing these IP's
anyhow.<BR><BR>Dan<BR>
<BLOCKQUOTE cite=mid200309011607.h81G7X506276@onyx.rockstone.co.uk
type="cite"><PRE wrap="">Antony.
--
In science, one tries to tell people
in such a way as to be understood by everyone
something that no-one ever knew before.
In poetry, it is the exact opposite.
- Paul Dirac
</PRE></BLOCKQUOTE><BR><PRE class=moz-signature cols="72">--
____________________________________
Daniel Bird
Network & Systems Manager
St. George's Hospital Medical School
Tooting
London SW17 0RE
P: +44 20 8725 2897
F: +44 20 8725 3583
E: <A class=moz-txt-link-abbreviated href="mailto:dan@sghms.ac.uk">dan@sghms.ac.uk</A>
____________________________________
Hex dump: Where witches put used curses...
"#define QUESTION ((bb) || !(bb)) - Shakespeare." </PRE></BLOCKQUOTE></BODY></HTML>