Since someone raised the question about assigned IPs in the 35.12.xx.yy range, let me try to clear the air....  If you check the host tables:  http://www.dns.cl.msu.edu/hostfile/hosts.msu  and scan through the 35.12. range, you can see many, many specific address ranges that are related to dialup hosts (for example, 35.12.8.1 is remote dialup at ACD.net, 35.12.9.52 thru 99 are michnet dialup connections, etc).  I know that there are also specific ranges that are assigned to people connecting via dialup.  I'm not proposing any blocking of static IPs that are known to be assigned to specific departments or devices with unique DNS names.  I'm referring to specific ranges within 35.12.xx.yy which can be identified as external dialup connections, not the entire range.  At least one Exchange server admin I spoke with this morning is seeing the majority of messages with the infected, password-protected ZIP files coming from various addresses in this range.
 
Again, I don't know if this is feasible, or what can or can't be done.  I'm just trying to think about the problem, and what might be done to limit traffic problems.  I'm no expert... that's why I'm posting here to ask for ideas.  (Hint hint: Doug, Rich, Joe, Mike?  Any ideas?)
 
John A. Resotko
Head of Systems Administration
MSU - Detroit College of Law
208 Law College Building
East Lansing, MI  48824-1300
email: [log in to unmask]
Phone: 517-432-6836
Fax: 517-432-6861