I had an abuse report case today in which the party responsible for the addresses basicaly said: "Viruses are not network abuse" and " People who have registered the addresses are not the ones who the abuse report should be sent to." And they were, of course, given a course on how abuse reporting works(and has worked in mass histeria times like Code Red, etc.), and why they should participate in it. Not that it changed their mind, but we tried, really. The last exchange was like: me: "If you don't take responsibility for actions made from your addresses, we are seriously considering the posibility of stopping any exchage of traffic with your addresses." them: "NO PROVIDER ON THIS WORLD takes this responsibility. You are wrong " and bla,bla,bla and "There is a recomendation of the European union that every provider should provide anonymous access to their network, so we don't have to care who is behind every single account." a colegue: "If you really think that "phone companies are not responsible for conversations over their networks" (an actual quote of you), would you please give me your phone number so that I can call you every night between 2 and 5. But don't contact the phone company about that, because they "are not responsible", so there is no need for them to do anything." What do you all-on-this-list think about it? Are you willing to communicate with address blocks that have a report-handling policy like this one? Do you know of a blacklist for documented networks with bad network abuse handling policies aka. hacker friendly. BR, CCNP Boyan Krosnov Network Administrator Lirex Net phone: +359-2-91815 > -----Original Message----- > From: Pavel Lozhkin [mailto:pavelat_private] > Sent: Monday, December 03, 2001 11:01 PM > To: incidentsat_private > Subject: Network 195.70.202.0/24 is hacker-freindly > > > Hello ! > > I got attempt to infect my server by Nimda virus from 195.70.202.138 > The administrator of the network (it is San Peterburg state > University's > net) wrote me on my complain that he does not want to clean > his infected > machines and that he does not have any contract with my firm > so that i'm > unable to ask him to clean these computers from where i got these > attempts and unable to ask him anything. > And he will scan me in any time if he wants, and i should not > ask him to > stop that. > > So that i consider the net 195.70.202.0/24 as uncontrolled > one and block > the network by my firewall and recommend all peoples do the same thing > > Pavel > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 08:59:29 PST