Security Incidents mailing list archives
Re: scan log and subsequent response from the host's ISP
From: mforrester () HSACORP NET (Forrester, Mike)
Date: Fri, 7 Jul 2000 10:57:08 -0600
According to ripe.net, they own 212.216.0.0 - 212.216.255.255 so everyone might want to block their whole range... While poking around, I found several references to interbusiness.it as shown near the end. BTW - Does anyone know of a site that lists known 'rogue' ISP's and why they are considered such? Mike Forrester - Systems Security Engineer High Speed Access Corp. - Denver, CO USA mforrester () hsacorp net - +1 303 256 2134
From ripe.net:
inetnum: 212.216.0.0 - 212.216.255.255 netname: IT-TIN-980225 descr: Telecom Italia Net descr: PROVIDER country: IT admin-c: EB339-RIPE tech-c: DSF11 tech-c: MC4803-RIPE tech-c: CC297-RIPE tech-c: MP3870 tech-c: SP46-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: INTERB-MNT changed: hostmaster () ripe net 19980225 changed: hostmaster () ripe net 19980226 changed: hostmaster () ripe net 19980513 changed: hostmaster () ripe net 19980914 changed: hostmaster () ripe net 19980916 changed: hostmaster () ripe net 19990316 changed: hostmaster () ripe net 19990322 changed: hostmaster () ripe net 20000128 changed: hostmaster () ripe net 20000303 changed: hostmaster () ripe net 20000316 source: RIPE route: 212.216.0.0/16 descr: INTERBUSINESS origin: AS3269 advisory: AS690 1:701 2:1800 mnt-by: INTERB-MNT changed: cgiadmin () cgi interbusiness it 19980422 source: RIPE
-----Original Message----- From: Dan Hollis [mailto:goemon () SASAMI ANIME NET] Sent: Wednesday, July 05, 2000 5:08 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: scan log and subsequent response from the host's ISP On Mon, 3 Jul 2000, Bradley Woodward wrote:These scans are so common, I wouldn't bother posting them,except for therather disappointing response from the ISP's supportdepartment. I'veincluded an edited log file and email response.Hm time to blackhole route 212.216.184.0 - 212.216.191.255? Their response definitely makes them rogue. -Dan
Current thread:
- Intrusion, WuFTP exploit?, (continued)
- Intrusion, WuFTP exploit? David Knaack (Jul 07)
- Re: scan log and subsequent response from the host's ISP Philipp Buehler (Jul 11)
- Re: scan log and subsequent response from the host's ISP Pauel Loshkin (Jul 07)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 10)
- Re: scan log and subsequent response from the host's ISP Pavel Lozhkin (Jul 10)
- Snort (about large-udp attack) JW Oh (Jul 10)
- lifestages on IRC Omicron N (Jul 09)
- Re: lifestages on IRC Robert van der Meulen (Jul 10)
- Re: lifestages on IRC Vincent Hillier (Jul 10)
- Re: lifestages on IRC T. H. Haymore (Jul 10)
- Re: scan log and subsequent response from the host's ISP Forrester, Mike (Jul 07)
- tin.it and others non collaborative isps. Osvaldo Janeri Filho (Jul 07)
- Re: tin.it and others non collaborative isps. Bradley Woodward (Jul 10)
- Some stats of events Henri J. Schlereth (Jul 10)
- Re: tin.it and others non collaborative isps. gabriel rosenkoetter (Jul 10)
- Re: tin.it and others non collaborative isps. Philipp Buehler (Jul 11)
- Re: tin.it and others non collaborative isps. Richard Bejtlich (Jul 11)
- Hostile email mmurray () TAOS COM (Jul 12)
- I Was rooted Andrew Heath (Jul 17)
- Obfuscated URL's in spam Kee Hinckley (Jul 18)
- 85.85.85.85 weirdness Wozz (Jul 18)
- tin.it and others non collaborative isps. Osvaldo Janeri Filho (Jul 07)