RE: scanning from WANADOO-CABLE-BD

From: Jonkman, Matthew A. (Matthew.Jonkmanat_private)
Date: Sun Jun 02 2002 - 21:49:48 PDT


    These aren't new by any means. I've been getting ftp probes from that ISP
    for over 2 years, that I can recall at least. And those on boxes all around
    the globe.
    
    I remember another thread on the subject on some other list. A lot of ISP
    sysadmins were considering blackhole routing their nets. Nothing seems to
    have come of it though.
    
    It could be useful if there was a concerted effort underway to blackhole
    them, or if a few major providers could be convinced to blackhole them on a
    backbone somewhere. That's the kind of pressure it'll probably take to make
    something happen.
    
    Till then, I keep up on my patches and firewall rules. And will
    thereafter....  :)
    
    Matthew Jonkman, CISSP
    Senior Data Security Engineer
    
    
    
    
    -----Original Message-----
    From: Hugo van der Kooij [mailto:hvdkooijat_private] 
    Sent: Sunday, June 02, 2002 1:17 PM
    To: Incidents Mailing List
    Subject: scanning from WANADOO-CABLE-BD
    
    
    Hi,
    
    Did others notice intensive scans from:
    	inetnum:      213.17.86.0 - 213.17.89.255
    	netname:      WANADOO-CABLE-BD
    as well?
    
    I got scans from several hosts resulting in plenty of lines in my log 
    files. After sending a complaint I got an automated response claiming they 
    can not do a thing about it.
    
    According to Dutch law and their AUP they can act upon the information but 
    apparently tell everyone they do not wish to do so.
    
    I suggest any one of you that has seen scans from this network and received 
    a similar message to complain pointing them to applicable Dutch law under 
    the name "Wet computer criminaliteit" (computer crime law) as described 
    under the section "computer terreur" (computer terror).
    
    A sample of one of these probes will be available on my website later.
    
    Hugo.
    
    -- 
    All email send to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 17:43:23 PDT