Security Incidents mailing list archives

dos's from simflex.com


From: Jason Storm <sec () ORGONE NEGATION NET>
Date: Wed, 25 Oct 2000 20:09:40 -0700

Last night we had our primary nameserver dropped by a user on a
simflex.com IP.

No valid phone number at ARIN, so we emailed the contact.

Our complaint was responded to today with a "we don't know who was on that
IP but please tell us if it happens again" response.

Well, it happened again, from the exact same IP:

20:00:57.613366 208.33.12.203 > 206.16.67.10: (frag 38760:552@5520+)
20:00:57.620674 208.33.12.203 > 206.16.67.10: (frag 38760:552@6072+)
20:00:57.627898 208.33.12.203 > 206.16.67.10: ip-proto-254 552 (frag 39016:552@0+)
20:00:57.635366 208.33.12.203 > 206.16.67.10: (frag 39016:552@552+)
20:00:57.642603 208.33.12.203 > 206.16.67.10: (frag 39016:552@1104+)
20:00:57.649813 208.33.12.203 > 206.16.67.10: (frag 39016:552@1656+)
20:00:57.684226 208.33.12.203 > 206.16.67.10: (frag 39272:552@552+)


About 40 minutes' worth of this.

Has anyone else seen trouble from this subnet?  If the upstream can't
figure out who owns a static IP, I feel fairly sure that the person whose
box sits on it has been hitting other sites.  The cat's away, as it were,
and the mouse is definitely up to no good.

Jason Storm
Negation Industries
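
An added example, not part of the original post: a small Python parser for the tcpdump (frag id:size@offset+) notation shown above, which groups the logged lines by IP ID and reports whether each datagram could be reassembled from what was captured. The capture lines are copied from the post; the function names are this example's own, and because a short excerpt will always show incomplete datagrams, it is meant to be run over the full capture.

```python
import re
from collections import defaultdict

# Lines copied from the capture in the post; the wrapped third line is joined.
CAPTURE = """\
20:00:57.613366 208.33.12.203 > 206.16.67.10: (frag 38760:552@5520+)
20:00:57.620674 208.33.12.203 > 206.16.67.10: (frag 38760:552@6072+)
20:00:57.627898 208.33.12.203 > 206.16.67.10: ip-proto-254 552 (frag 39016:552@0+)
20:00:57.635366 208.33.12.203 > 206.16.67.10: (frag 39016:552@552+)
20:00:57.642603 208.33.12.203 > 206.16.67.10: (frag 39016:552@1104+)
20:00:57.649813 208.33.12.203 > 206.16.67.10: (frag 39016:552@1656+)
20:00:57.684226 208.33.12.203 > 206.16.67.10: (frag 39272:552@552+)
"""

# tcpdump prints fragments as (frag id:size@offset), with a trailing "+"
# when the More Fragments flag is set.
FRAG_RE = re.compile(
    r"^(\S+) (\S+) > ([^\s:]+): (.*?)\s*\(frag (\d+):(\d+)@(\d+)(\+?)\)$")

def parse(text):
    """Yield one dict per fragment line; non-matching lines are skipped."""
    for line in text.splitlines():
        m = FRAG_RE.match(line.strip())
        if m:
            _ts, src, dst, head, ident, size, off, mf = m.groups()
            yield {"src": src, "dst": dst, "head": head, "id": int(ident),
                   "size": int(size), "off": int(off), "mf": mf == "+"}

def summarize(text):
    """Group by (src, dst, IP id); check each datagram for reassembly."""
    groups = defaultdict(list)
    for f in parse(text):
        groups[(f["src"], f["dst"], f["id"])].append(f)
    out = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["off"])
        expected, contiguous = 0, True
        for f in frags:  # every fragment must start where the last one ended
            contiguous = contiguous and f["off"] == expected
            expected = f["off"] + f["size"]
        head = frags[0]["head"]  # here the protocol is named on offset 0 only
        out[key] = {"fragments": len(frags),
                    "bytes": sum(f["size"] for f in frags),
                    "proto": head.split()[0] if head else None,
                    "complete": contiguous and not frags[-1]["mf"]}
    return out
if __name__ == "__main__":
    for (src, dst, ident), s in sorted(summarize(CAPTURE).items()):
        print(src, "->", dst, "id", ident, s)
```

A datagram counts as complete only when its fragments are contiguous from offset 0 and the last one has the More Fragments flag clear; none of the three IP IDs in the posted excerpt meets that test.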

