Test Center Threat Watch 10/23/08
After a successful migration, the test network's spam filter began receiving spam shortly after it was powered on. The most persistent offenders were a couple of opt-in, get-rich-quick services.
Attack Watch 10/22-10/23
The trap network logged a series of TCP port scans originating from an Illinois-based IP address that traces to the ISP Cumberland Internet.
Log files also show relentless spamming from sfimarketing.com. A Google search on the domain shows that sfimarketing has been a nuisance for many network administrators around the world. Several online posters have accused the spammers using this domain of sending e-mail scam letters that appear to come from legitimate charitable organizations. A query on this domain using the OpenRBL blacklist lookup shows that the site is blocked by rfc_bogusmx, rfc_abuse, rfc_postmaster and apews_l1.
A scan against port 57, which the test network has set up for Mail Transfer Protocol, was initiated from an IP address on Avantel's network in Mexico.
Log files also report several SQL worm attacks from Beijing IP addresses. The domain associated with these addresses is cndata.com, which appears on several blacklists that report missing or inaccurate WHOIS data for the domain, often a sign of malicious intent. The SQL worm exploits a known vulnerability in SQL Server 2000, which SecurityFocus identifies as CVE-2002-0649 and CVE-2002-0729.
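As an added example (not from the original Threat Watch), the two log observations above, the TCP port scans and the SQL worm traffic, can be pulled out of a firewall log with simple detection logic. The log format, thresholds and sample addresses are constructed; the UDP/1434 Resolution Service port comes from the CVE-2002-0649 advisory, not from this page.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log lines (not taken from the original page).
SAMPLE_LOG = """\
2008-10-22T21:14:02 DROP TCP 203.0.113.7:41022 -> 198.51.100.20:21
2008-10-22T21:14:02 DROP TCP 203.0.113.7:41023 -> 198.51.100.20:22
2008-10-22T21:14:03 DROP TCP 203.0.113.7:41024 -> 198.51.100.20:23
2008-10-22T21:14:03 DROP TCP 203.0.113.7:41025 -> 198.51.100.20:25
2008-10-22T21:14:04 DROP TCP 203.0.113.7:41026 -> 198.51.100.20:57
2008-10-23T03:40:11 DROP UDP 192.0.2.55:1434 -> 198.51.100.20:1434
2008-10-23T09:02:44 ALLOW TCP 198.51.100.90:52100 -> 198.51.100.20:25
"""
SCAN_PORT_THRESHOLD = 5     # distinct destination ports from one source (assumed tuning value)
SCAN_WINDOW_SECONDS = 60    # window in which those ports must be hit (assumed tuning value)
SQL_RESOLUTION_PORT = 1434  # UDP port of the SQL Server 2000 Resolution Service (CVE-2002-0649)

def parse_line(line):
    # Record format: "<iso-timestamp> <action> <proto> <src>:<port> -> <dst>:<port>"
    ts, action, proto, src, _, dst = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "action": action, "proto": proto,
            "src_ip": src_ip, "dst_ip": dst_ip, "dst_port": int(dst_port)}

def detect_port_scans(events, threshold=SCAN_PORT_THRESHOLD, window=SCAN_WINDOW_SECONDS):
    # A source is flagged when it touches >= threshold distinct TCP ports within `window` seconds.
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "TCP":
            by_src[e["src_ip"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide the window, starting at each event in turn
            ports = {e["dst_port"] for e in evs[i:]
                     if (e["ts"] - first["ts"]).total_seconds() <= window}
            if len(ports) >= threshold:
                findings[src] = sorted(ports)
                break
    return findings

def detect_sql_worm_traffic(events):
    # Slammer-style propagation is UDP to the Resolution Service port; report the senders.
    return sorted({e["src_ip"] for e in events
                   if e["proto"] == "UDP" and e["dst_port"] == SQL_RESOLUTION_PORT})

def analyze(log_text):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {"port_scans": detect_port_scans(events), "sql_worm": detect_sql_worm_traffic(events)}
```

Running `analyze(SAMPLE_LOG)` flags 203.0.113.7 as a scanner (five ports in two seconds) and 192.0.2.55 as the UDP/1434 sender, while the single allowed SMTP connection from 198.51.100.90 is not reported.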