Security Incidents mailing list archives
Re: scan log and subsequent response from the host's ISP
From: sectech () PTD NET (StrmShdw)
Date: Sat, 8 Jul 2000 12:51:14 -0700
There is an organization started not too long ago called RISP (Respnosible Internet Service Providers). Maybe we should start getting them to list "rogue" ISP/providers. As of right now they act as a source of contact information to security professional with certain ISP's. Just a thought =) It would be nice to have a central repository for blacklisted ISP's. Keith -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Forrester, Mike Sent: Friday, July 07, 2000 09:57 To: INCIDENTS () SECURITYFOCUS COM Subject: Re: scan log and subsequent response from the host's ISP According to ripe.net, they own 212.216.0.0 - 212.216.255.255 so everyone might want to block their whole range... While poking around, I found several references to interbusiness.it as shown near the end. BTW - Does anyone know of a site that lists known 'rogue' ISP's and why they are considered such? Mike Forrester - Systems Security Engineer High Speed Access Corp. - Denver, CO USA mforrester () hsacorp net - +1 303 256 2134
From ripe.net:
inetnum: 212.216.0.0 - 212.216.255.255 netname: IT-TIN-980225 descr: Telecom Italia Net descr: PROVIDER country: IT admin-c: EB339-RIPE tech-c: DSF11 tech-c: MC4803-RIPE tech-c: CC297-RIPE tech-c: MP3870 tech-c: SP46-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: INTERB-MNT changed: hostmaster () ripe net 19980225 changed: hostmaster () ripe net 19980226 changed: hostmaster () ripe net 19980513 changed: hostmaster () ripe net 19980914 changed: hostmaster () ripe net 19980916 changed: hostmaster () ripe net 19990316 changed: hostmaster () ripe net 19990322 changed: hostmaster () ripe net 20000128 changed: hostmaster () ripe net 20000303 changed: hostmaster () ripe net 20000316 source: RIPE route: 212.216.0.0/16 descr: INTERBUSINESS origin: AS3269 advisory: AS690 1:701 2:1800 mnt-by: INTERB-MNT changed: cgiadmin () cgi interbusiness it 19980422 source: RIPE
-----Original Message----- From: Dan Hollis [mailto:goemon () SASAMI ANIME NET] Sent: Wednesday, July 05, 2000 5:08 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: scan log and subsequent response from the host's ISP On Mon, 3 Jul 2000, Bradley Woodward wrote:These scans are so common, I wouldn't bother posting them,except for therather disappointing response from the ISP's supportdepartment. I'veincluded an edited log file and email response.Hm time to blackhole route 212.216.184.0 - 212.216.191.255? Their response definitely makes them rogue. -Dan
Current thread:
- Re: 85.85.85.85 weirdness, (continued)
- Re: 85.85.85.85 weirdness Wozz (Jul 19)
- Re: 85.85.85.85 weirdness Jud (Jul 19)
- msnhome.talkcity.com Dirk Koopman (Jul 21)
- Re: msnhome.talkcity.com Ryan Yagatich (Jul 24)
- Anyone ever heard of "rlumkaus" virus/bug/trojan/backdoor? Litscher, Steven (Jul 21)
- Sudden increase in scans. Rune Kristian Viken (Jul 20)
- Re: Sudden increase in scans. Aaron Kelley (Jul 24)
- Wierd Windows 98 bug? Mark Collins (Jul 20)
- Port 38293 Tim H (Jul 21)
- Re: Port 38293 Talisker (Jul 22)
- Re: scan log and subsequent response from the host's ISP Pauel Loshkin (Jul 10)