nanog mailing list archives
Re: Attacks from poneytelecom.eu
From: Fredrik Korsbäck <hugge () nordu net>
Date: Thu, 4 Jan 2018 09:15:19 +0100
Depends on what "legitimate" means. We have a decent amount of traffic to the network (like 2Gbps sustained in any afternoon). It's typically a mix of bittorrent, tor-relay traffic, ftp-transfers and of course the expected scanners, malware-hosts, ddos-bots and such.
For me Poney/Illiad/Online.net/Scaleway has always been a bulletproof hoster (or bulletproof transit even), the response to abuse has always been NIL. I know tons of my customers just block out their whole ip-ranges in their SIP-servers and email-machines to lessen the white-noise.
However - judging from the Online.net website it at least seems that they are trying to up their game and look like something that would be attractive to a legitimate business to consider. On the other hand, looking at http://as12876.net/ it looks more like something that would rather fit as a place where I put the shady stuff, so not sure where on the map they fall these days.
AS12876 is online.net... home of the €2.99 physical server, perfect for all of your favorite illegitimate activity. I'm curious how much traffic originates from that ASN that is actually legitimate... probably close to none.
Sent from my iPhone
On Jan 3, 2018, at 1:35 AM, Troy Mursch <troy () wolvtech com> wrote:
Dovid,
Back in September, I documented my poor experience with AS12876 here: https://badpackets.net/ongoing-large-scale-sip-attack-campaign-coming-from-online-sas-as12876/
Since then, their handling of abuse notifications (or lack thereof) has largely remained the same. The volume of malicious traffic from their network hasn't decreased either.
As you noted, others have reported similar issues with AS12876, including my associate Dr. Neal Krawetz: https://twitter.com/hackerfactor/status/932593355648667649. I've also compiled a list of complaints regarding AS12876 in this thread: https://twitter.com/bad_packets/status/937220987371732992
Thanks,
__
*Troy Mursch*
@bad_packets <https://twitter.com/bad_packets>
On Tue, Jan 2, 2018 at 6:51 PM, Dovid Bender <dovid () telecurve com> wrote:
Hi All,
Lately we have seen a lot of attacks from IPs where the PTR record ends in poneytelecom.eu to PBX systems. A quick search on Twitter (https://twitter.com/hashtag/poneytelecom) shows multiple people complaining that they reported the IPs yet nothing happens. Has anyone had the pleasure of dealing with them and have you gotten anywhere? I wonder if the only option is public shaming. I would rather not ban their AS as it may hurt legit traffic but I am out of ideas at this point....
TIA.
Dovid
-- hugge