Security Incidents mailing list archives
RE: scanning from WANADOO-CABLE-BD
From: "Jonkman, Matthew A." <Matthew.Jonkman () umb com>
Date: Sun, 2 Jun 2002 23:49:48 -0500
These aren't new by any means. I've been getting ftp probes from that ISP for over 2 years, that I can recall at least. And those on boxes all around the globe. I remember another thread on the subject on some other list. A lot of ISP sysadmins were considering blackhole routing their nets. Nothing seems to have come of it though. It could be useful if there was a concerted effort underway to blackhole them, or if a few major providers could be convinced to blackhole them on a backbone somewhere. That's the kind of pressure it'll probably take to make something happen. Till then, I keep up on my patches and firewall rules. And will thereafter.... :) Matthew Jonkman, CISSP Senior Data Security Engineer -----Original Message----- From: Hugo van der Kooij [mailto:hvdkooij () vanderkooij org] Sent: Sunday, June 02, 2002 1:17 PM To: Incidents Mailing List Subject: scanning from WANADOO-CABLE-BD Hi, Did others notice intensive scans from: inetnum: 213.17.86.0 - 213.17.89.255 netname: WANADOO-CABLE-BD as well? I got scans from several host resulting in plenty of lines in my log files. After sending a complaint I got an automated response claiming thay can not do a thing about it. According to Dutch law and their AUP they can act upon the information but apparantly tell averyone they do not wish to do so. I suggest any one of you that has seen scans from this netwok and received a similar message to complain pointing them to applicable Dutch law under the name "Wet computer criminaliteit" (computer crime law) as described under the section "compter terreur" (computer terror). A sample of one of these prbes will be available on my website later. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- scanning from WANADOO-CABLE-BD Hugo van der Kooij (Jun 02)
- Re: scanning from WANADOO-CABLE-BD Jon Nelson (Jun 03)
- Re: scanning from WANADOO-CABLE-BD Pieter-Bas IJdens (Jun 04)
- Re: scanning from WANADOO-CABLE-BD Abhi (Jun 04)
- <Possible follow-ups>
- RE: scanning from WANADOO-CABLE-BD Jonkman, Matthew A. (Jun 03)
- RE: scanning from WANADOO-CABLE-BD NESTING, DAVID M (SBCSI) (Jun 03)
- Re: scanning from WANADOO-CABLE-BD Jon Nelson (Jun 03)