When you are referring to black hole do you mean Black Hat (bad guys) list? CHINANET is a very big offender when it comes to Incident based activity. Now take into account that that does not mean that is where the attack is originating from. It also does not mean that the sysadmin's are ignoring abuse complaints; there are usually massive amounts of incidents that this region has to attend to and there is usually a lack of personnel or knowledge to compensate for the demand. Other subnets to look out for are from Korea, Taiwan and Hong Kong. I have seen many incidents coming from these netblocks as well. Performing Arin lookup's and IP index research will give you a quantitive list of IP's to keep an eye on after incidents occur. -----Original Message----- From: incidents.nospam13@web-cities.net [mailto:incidents.nospam13@web-cities.net] Sent: Monday, July 22, 2002 12:40 PM Cc: incidentsat_private Subject: Re: China Experience ? How many of you blackhole ISP's? I blackhole generic stuff like on the secure IOS templates but never really considered this. Anyone have a blackhole lists that they can share? Regards, Dr Bado. ----- Original Message ----- From: "Curley Mr Eric P" <CurleyEPat_private> To: <bonkat_private>; "Bob DeRosier" <bob.derosierat_private> Cc: <incidentsat_private> Sent: Monday, July 22, 2002 5:22 AM Subject: RE: China Experience ? > I'm going to have to agree with Bob on this one. I know that most of us > like to go to the heart of the problem and contact the ISP's sysadmin in > times of abuse and policy issues but these subnet have been well known for > quite some time to be black hat sanctuaries. I personal block all of these > subnet's at the border. If I don't do business with them then I don't need > to see their traffic. It has cleared up a lot of noise coming over the > wire. > > Cheers, > Eric > > -----Original Message----- > From: bonkat_private [mailto:bonkat_private] > Sent: Friday, July 19, 2002 9:41 PM > To: Bob DeRosier > Cc: incidentsat_private > Subject: Re: China Experience ? > > > On Fri, 19 Jul 2002, Bob DeRosier wrote: > > > > > I am looking for information about dealing with the authorities in China > > with regard to attack attempts. Does anyone know what the procedure is, > who > > to contact, what they do after they are contacted, any possible fallout > from > > such an action ? > > From a security standpoint, I've found that null routing all of their IP > space you can find is very benefecial. In dealing with security and abuse > related issues for quite some time, I have never had China reply or take > any action so I've been forced to the extreme in the case with China (and > others). > > > Bob > > > > > > ================================================= > Travis > www.cyberabuse.org/crimewatch > Email: Bonkat_private | Bonkat_private > ================================================= > /"\ > \ / > X ASCII Ribbon Campaign > / \ Against HTML Email > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 10:32:35 PDT