Security Incidents mailing list archives

Re: big increase in ftp scanning


From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sun, 12 Nov 2000 13:19:51 +1300

On Thu, 9 Nov 2000 11:04:28 +0100 Jan Muenther <jan () RADIO HUNDERT6 DE>
wrote:

Hi,

<aol>Me too</aol>.  I have seen repeated DNS over TCP, ftp and other
scans from dip.t-dialin.net addresses.  Complaints to abuse () t-ipnet de
get zero response.  In the end I just blocked 212.185.223.0/24.

You should try and send your complaints to abuse () t-online de.
These guys generally do a good job, if you provide accurate logs.
Might be more "responsive" if you talk to them in German, which I
am willing to do in case you want me to.

I have also seen a lot of activity from this block -- latest is a ftp
scan of our entire /16 yesterday.  I have always had automated
response followed by personal followup to my complaints to
abuse () t-online de. In my complaints I always supply accurate times (GPS
sync'ed) and actual log records.  I suspect many ISPs simply black hole
any report that does not have both.

That said we do see a lot of activity from this block so I do wonder
how effective their enforcement is.

Russell.

