66.194.6.76 and friends

I just blacklisted 66.194.6.0/24 . Websense yourself!
If you have a unified logging you can spot something like this easily, otherwise I suggest you run these on your logs
grep "66.194.6" *|grep gif
grep "66.194.6" *|grep -i linux

Yes it is something called a Konqueror Morphbot and it is snooping on your machines and makes lists of something for someone.

Interesting bit is a hit to all domains looking for /img1big.gif a supposedly dangerous gif that spreads some kind of trojan. This bot was hitting my servers in waves disobeying robots.txt or anything common sense.

It is unacceptable and I am rejecting all traffic from their C block immediately on all of my servers.

I suggest you do that, here is the whois info:


whois 66.194.6.0
Time Warner Telecom TWTC-NETBLK-4 (NET-66-192-0-0-1)
66.192.0.0 - 66.195.255.255
Websense TWTC-NETBLK-4 (NET-66-194-6-0-1)
66.194.6.0 - 66.194.6.255

# ARIN WHOIS database, last updated 2005-09-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.