RE: China Experience ?

From: Curley Mr Eric P (CurleyEPat_private)
Date: Mon Jul 22 2002 - 05:22:30 PDT

Next message: Hornat, Charles: "RE: diagnose compromise on NT"

Previous message: Ken Grossman: "Scanning Port UDP 4668"
Maybe in reply to: Bob DeRosier: "China Experience ?"
Next in thread: incidents.nospam13@web-cities.net: "Re: China Experience ?"
Reply: incidents.nospam13@web-cities.net: "Re: China Experience ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm going to have to agree with Bob on this one.  I know that most of us
like to go to the heart of the problem and contact the ISP's sysadmin in
times of abuse and policy issues but these subnet have been well known for
quite some time to be black hat sanctuaries.  I personal block all of these
subnet's at the border.  If I don't do business with them then I don't need
to see their traffic.  It has cleared up a lot of noise coming over the
wire. 

Cheers,
Eric

-----Original Message-----
From: bonkat_private [mailto:bonkat_private]
Sent: Friday, July 19, 2002 9:41 PM
To: Bob DeRosier
Cc: incidentsat_private
Subject: Re: China Experience ?

On Fri, 19 Jul 2002, Bob DeRosier wrote:

>
> I am looking for information about dealing with the authorities in China
> with regard to attack attempts.  Does anyone know what the procedure is,
who
> to contact, what they do after they are contacted, any possible fallout
from
> such an action ?

From a security standpoint, I've found that null routing all of their IP
space you can find is very benefecial.  In dealing with security and abuse
related issues for quite some time, I have never had China reply or take
any action so I've been forced to the extreme in the case with China (and
others).

> Bob

=================================================
Travis
www.cyberabuse.org/crimewatch
Email: Bonkat_private | Bonkat_private
=================================================
/"\
\ /
 X   ASCII Ribbon Campaign
/ \  Against HTML Email

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Hornat, Charles: "RE: diagnose compromise on NT"
Previous message: Ken Grossman: "Scanning Port UDP 4668"
Maybe in reply to: Bob DeRosier: "China Experience ?"
Next in thread: incidents.nospam13@web-cities.net: "Re: China Experience ?"
Reply: incidents.nospam13@web-cities.net: "Re: China Experience ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 08:55:22 PDT