Same here. After repeated requests to service providers to help with locating spammers/hackers/scanners.... I've just flat blocked the networks from access to our entirely. Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx] Sent: Thursday, April 18, 2002 12:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: virus from "tshinder" http://www.ISAserver.org I blocked several ISPs in Korea due to repeated scans and other hack attempts. Despite repeated complaints to the providers, and seemingly cooperative responses, the same source IPs kept popping up. I've not lost anything important as a result. There seems to be very little legitimate activity coming from that part of the globe, in my realm anyway. Dan Bartley, MCSE+Internet dan@xxxxxxxxxxxxxxx -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, April 18, 2002 12:21 To: [ISAserver.org Discussion List] Subject: [isalist] RE: virus from "tshinder" http://www.ISAserver.org Hi John, Thanks for the info. Which reminds me, there's been a lot of talk in the press about blocking the Pacific rim net blocks because of viruses and spam. I haven't implemented this at any of our locations yet, but I'm wondering if anyone here has done this in their own company? Thanks! Tom www.isaserver.org/shinder -----Original Message----- From: John Tolmachoff [mailto:jtolmachoff@xxxxxxxxxxxxxxxx] Sent: Thursday, April 18, 2002 11:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: virus from "tshinder" http://www.ISAserver.org And Tom is such a great guy. Who would do a thing like that? Of course, we could look at the headers and file a complaint. Ah, 202.157.155.35 is in Singapore. 75% of the virus notices that I receive are from infected e-mail from that part of the world. John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA 92835 714-578-7999, ext. 104 jtolmachoff@xxxxxxxxxxxxxxxx www.reliancesoft.com -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, April 18, 2002 9:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] virus from "tshinder" http://www.ISAserver.org Hi folks, If you get a mail from "tshinder" with a heading of "this configuration can get" on it, drop it like the hot potato it is. Don't open it, don't preview it, nada. It's a HTML MIME.exploit/IFrame virus and WAS NOT sent by Tom. The one I received came from: cebitasia@xxxxxxxxxxxx -- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jtolmachoff@xxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dan@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')