Hey all -
I've been running a relay here for about 2-3 years now, with limited problems, especially since I switched to the more restrictive reduced exit policy (only allowing a few ports). However, I just received this today, which is new and alarming. I've replied with the boilerplate, but I'm worried as I've never heard from Verizon since I went reduced, and they are the fastest and most reliable ISP (fiber to the home) in my part of the states.
Here's the message, truncated:
On 05-09-2011, your account was reported to have been used in an attempt to gain unauthorized access to another system, or to transmit malicious traffic to another Internet user.
It is possible your system may have been infected by a virus or a botnet that is causing this action.
Report and/or Logs:
Timestamp: 2012-05-09 11:28:55 (GMT)
Alert: COSED [CSG-GOP-009] SCAN Sqlmap SQL Injection Scan
Source: 96.242.209.159 (49608)
Destination: 200.189.113.50 (80)
Content: LL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%
20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%
20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%
20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%20NULL,%
20NULL,%20NULL,%20NULL--%20%20AND%20%27tysA%27%3D%27tysA&
codigo=09590039044&orgcom=116100&serie=E000874295&tipo=
DEFESA%20PREVIA&result=INDEFERIDO&motivo=015&auto=116100-E000874295 HTTP/1.1
Accept-Encoding: identity
Accept-Language: en-us,en;q=0.5
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: sqlmap/1.0-dev (r4997) (http://www.sqlmap.org)
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: celepar7.pr.gov.br
Pragma: no-cache
Cache-Control: no-cache,no-store