Security Incidents mailing list archives
Re: scan log and subsequent response from the host's ISP
From: osvaldojaneri () UOL COM BR (Osvaldo Janeri Filho)
Date: Mon, 10 Jul 2000 12:04:03 -0300
Brazil has one of the biggest populations of internet users in the Americas. It's #1 in Latin America. We are experiencing the internet boom here (free internet access is a reality here), and a lot of new people are getting connected. The laws about digital crimes aren't clear (we didn't have any a couple of months ago) and the authorities are slow on 'hacker' activities. But the ISPs here IMHO are very comprehensive about the topic, and they often try to stop these acts.

So, I think it's not a really good idea to block entire .br subnets, because you can block access from many, many 'innocent' individuals. But I really agree to blacklist ISPs that don't collaborate with the efforts to stop that.

And here in Brazil, the majority of Systems Administrators speak English fluently and there's almost no language barrier for reporting attacks.

--
Osvaldo Janeri Filho
Consultor em Informatica
E-Security, E-Commerce, E-solutions
Fortaleza,CE - Brasil
***************************************************************************
Email : osvaldojaneri () uol com br
Tel: +55 (0xx85) 9181-8528
GnuPG KEY http://pgp5.ai.mit.edu:11371/pks/lookup?op=get&search=0xE88C7991
***************************************************************************

On Sat, 8 Jul 2000, Michal Nazarewicz wrote:

Yesterday, Dan Hollis wrote:

DH>At one time I might have included .pl in that list :-) Thankfully someone
DH>seems to have taken a clue-by-four to the networks there. Someone hired
DH>.it and .gr mafia to have a chat with .pl network admins? :-)

Oh, stop complaining about .pl tld -- it's the only domain I know, in which there are providers to disable accounts on malicious users, even having sent them official letter to their homes (or, to their parents :-]). I don't really think that with today's costs of internet access in Poland (they are as high as in Japan and the highest in Europe, while having much less earnings here) there may be many script kiddies or another haxors.

But, that's not the point. Most of abuses I receive information about come from KREONET (it's a Korean network), BORA.NET (that same) and Brasil. I've detected one attempt from China. To be honest, I'm scared of reporting Chinese users' abuses to their authorities -- I can't be sure what they will do to their users.

I don't think that it's a language barrier, which prevents ISPs in .kr/.br from reacting. It may be an issue of money, their law or -- good will? I, however, got the official permit from my employer to cut off Korean and Brasilian access to our network. Having that said: if I can't get any response from ISPs involved, I don't want to be with them in one network. It's a really simple command:

    # /usr/sbin/ipchains -A input -j DENY -s [tin.it.ip.address]/255.255.255.0

DH>As for .kr / .br I think it's mainly the language barriers causing
DH>problems. Hopefully they will get clued in eventually. This is changing,
DH>slowly, for .jp and .hk thanks to the herculean efforts of some of the
DH>asia-pacific guys.

For .jp and .hk? I've reported once an issue to one of Japanese ISPs; the reply I got looked like my mail forwarded to another system administrator, with added line: "please stop portscanning to Poland!!" added at top. Yeah, that's a reply too :-)

PS. Why did you want to include .pl in that list? Can mail me privately of course :-), if Aleph doesn't want to continue this thread.

--
Michal 'CeFeK' Nazarewicz / CAOL, DK GROUP SYSADMIN ^ NETADMIN             B
ICQ 47171266 / +48 (601) CEFEK 0 / http://www.dkgroup.pl/index.html        O
mailto:cefek at saydk dot co dot uk / MN4735-RIPE / Pengiun #164007         F
The best way to accelerate a Macintoy is 9.8 meters per second, squared.   H