Security Incidents mailing list archives

RE: scanning from WANADOO-CABLE-BD


From: "Jonkman, Matthew A." <Matthew.Jonkman () umb com>
Date: Sun, 2 Jun 2002 23:49:48 -0500

These aren't new by any means. I've been getting ftp probes from that ISP
for over 2 years, that I can recall at least. And those on boxes all around
the globe.

I remember another thread on the subject on some other list. A lot of ISP
sysadmins were considering blackhole routing their nets. Nothing seems to
have come of it though.

It could be useful if there was a concerted effort underway to blackhole
them, or if a few major providers could be convinced to blackhole them on a
backbone somewhere. That's the kind of pressure it'll probably take to make
something happen.

Till then, I keep up on my patches and firewall rules. And will
thereafter....  :)

Matthew Jonkman, CISSP
Senior Data Security Engineer




-----Original Message-----
From: Hugo van der Kooij [mailto:hvdkooij () vanderkooij org] 
Sent: Sunday, June 02, 2002 1:17 PM
To: Incidents Mailing List
Subject: scanning from WANADOO-CABLE-BD


Hi,

Did others notice intensive scans from:
        inetnum:      213.17.86.0 - 213.17.89.255
        netname:      WANADOO-CABLE-BD
as well?

I got scans from several hosts resulting in plenty of lines in my log 
files. After sending a complaint I got an automated response claiming they 
can not do a thing about it.

According to Dutch law and their AUP they can act upon the information but 
apparently tell everyone they do not wish to do so.

I suggest any one of you that has seen scans from this network and received 
a similar message to complain pointing them to applicable Dutch law under 
the name "Wet computer criminaliteit" (computer crime law) as described 
under the section "computer terreur" (computer terror).

A sample of one of these probes will be available on my website later.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
