These aren't new by any means. I've been getting ftp probes from that ISP for over 2 years, that I can recall at least. And those on boxes all around the globe. I remember another thread on the subject on some other list. A lot of ISP sysadmins were considering blackhole routing their nets. Nothing seems to have come of it though. It could be useful if there was a concerted effort underway to blackhole them, or if a few major providers could be convinced to blackhole them on a backbone somewhere. That's the kind of pressure it'll probably take to make something happen. Till then, I keep up on my patches and firewall rules. And will thereafter.... :) Matthew Jonkman, CISSP Senior Data Security Engineer -----Original Message----- From: Hugo van der Kooij [mailto:hvdkooijat_private] Sent: Sunday, June 02, 2002 1:17 PM To: Incidents Mailing List Subject: scanning from WANADOO-CABLE-BD Hi, Did others notice intensive scans from: inetnum: 213.17.86.0 - 213.17.89.255 netname: WANADOO-CABLE-BD as well? I got scans from several host resulting in plenty of lines in my log files. After sending a complaint I got an automated response claiming thay can not do a thing about it. According to Dutch law and their AUP they can act upon the information but apparantly tell averyone they do not wish to do so. I suggest any one of you that has seen scans from this netwok and received a similar message to complain pointing them to applicable Dutch law under the name "Wet computer criminaliteit" (computer crime law) as described under the section "compter terreur" (computer terror). A sample of one of these prbes will be available on my website later. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 17:43:23 PDT