Security Incidents mailing list archives

Re: scan log and subsequent response from the host's ISP


From: osvaldojaneri () UOL COM BR (Osvaldo Janeri Filho)
Date: Mon, 10 Jul 2000 12:04:03 -0300


        Brazil has one of the biggest populations of internet users in the
Americas. It's #1 in Latin America. We are experiencing the internet
boom here (free internet access is a reality here), and a lot of new
people are getting connected. The laws about digital crimes aren't clear
(we didn't have any a couple of months ago) and the authorities are slow on
'hacker' activities. But the ISPs here IMHO are very comprehensive about
the topic, and then often try to stop these acts. So, I think it's not a
really good idea to block entire .br subnets, because you can block access
from many, many 'innocent' individuals. But I really agree with blacklisting
ISPs that don't collaborate with the efforts to stop that. And here in
Brazil, the majority of Systems Administrators speak English fluently and
there's almost no language barrier for reporting attacks.

--

 Osvaldo Janeri Filho
 IT Consultant
 E-Security, E-Commerce, E-solutions
 Fortaleza, CE - Brazil

***************************************************************************
 Email : osvaldojaneri () uol com br
 Tel: +55 (0xx85) 9181-8528
 GnuPG KEY http://pgp5.ai.mit.edu:11371/pks/lookup?op=get&search=0xE88C7991
***************************************************************************

        
On Sat, 8 Jul 2000, Michal Nazarewicz wrote:

Yesterday, Dan Hollis wrote:

DH>At one time I might have included .pl in that list :-) Thankfully someone
DH>seems to have taken a clue-by-four to the networks there. Someone hired
DH>.it and .gr mafia to have a chat with .pl network admins? :-)

Oh, stop complaining about the .pl TLD -- it's the only domain I know in
which there are providers that disable accounts of malicious users, even
having sent them official letters to their homes (or, to their parents
:-]). I don't really think that with today's costs of internet access in
Poland (they are as high as in Japan and the highest in Europe, while
having much less earnings here) there may be many script kiddies or
other haxors.

But that's not the point. Most of the abuses I receive information about
come from KREONET (it's a Korean network), BORA.NET (the same) and
Brazil. I've detected one attempt from China. To be honest, I'm scared of
reporting Chinese users' abuses to their authorities -- I can't be sure
what they will do to their users.

I don't think that it's a language barrier which prevents ISPs in .kr/.br
from reacting. It may be an issue of money, their law or -- good will? I,
however, got official permission from my employer to cut off Korean and
Brazilian access to our network.

Having said that: if I can't get any response from the ISPs involved, I don't
want to be with them in one network. It's a really simple command:
# /usr/sbin/ipchains -A input -j DENY -s [tin.it.ip.address]/255.255.255.0

DH>As for .kr / .br I think it's mainly the language barriers causing
DH>problems. Hopefully they will get clued in eventually. This is changing,
DH>slowly, for .jp and .hk thanks to the herculean efforts of some of the
DH>asia-pacific guys.

For .jp and .hk? I once reported an issue to one of the Japanese ISPs; the
reply I got looked like my mail forwarded to another system
administrator, with the line "please stop portscanning to
Poland!!" added at the top. Yeah, that's a reply too :-)

PS. Why did you want to include .pl in that list? You can mail me privately
of course :-), if Aleph doesn't want to continue this thread.

--
Michal 'CeFeK' Nazarewicz   / CAOL, DK GROUP SYSADMIN ^ NETADMIN         B
ICQ 47171266 / +48 (601) CEFEK 0 / http://www.dkgroup.pl/index.html      O
mailto:cefek at saydk dot co dot uk / MN4735-RIPE / Penguin #164007      F
The best way to accelerate a Macintoy is 9.8 meters per second, squared. H
