RE: Network 195.70.202.0/24 is hacker-freindly

["Boyan Krosnov" <bkrosnov () lirex bg>]

I had an abuse report case today in which the party responsible for the
addresses basicaly said:
"Viruses are not network abuse" and " People who have registered the
addresses are not the ones who the abuse report should be sent to."
And they were, of course, given a course on how abuse reporting
works(and has worked in mass histeria times like Code Red, etc.), and
why they should participate in it. Not that it changed their mind, but
we tried, really.

The last exchange was like:
me: "If you don't take responsibility for actions made from your
addresses, we are seriously considering the posibility of stopping any
exchage of traffic with your addresses."
them: "NO PROVIDER ON THIS WORLD takes this responsibility. You are
wrong " and bla,bla,bla and "There is a recomendation of the European
union that every provider should provide anonymous access to their
network, so we don't have to care who is behind every single account."
a colegue: "If you really think that "phone companies are not
responsible for conversations over their networks" (an actual quote of
you), would you please give me your phone number so that I can call you
every night between 2 and 5. But don't contact the phone company about
that, because they "are not responsible", so there is no need for them
to do anything."

What do you all-on-this-list think about it?
Are you willing to communicate with address blocks that have a
report-handling policy like this one?
Do you know of a blacklist for documented networks with bad network
abuse handling policies aka. hacker friendly.

BR,
CCNP Boyan Krosnov
Network Administrator
Lirex Net
phone: +359-2-91815
 
> -----Original Message-----
> From: Pavel Lozhkin [mailto:pavel () atrivo com]
> Sent: Monday, December 03, 2001 11:01 PM
> To: incidents () securityfocus com
> Subject: Network 195.70.202.0/24 is hacker-freindly
>
>
> Hello !
>
> I got attempt to infect my server by Nimda virus from 195.70.202.138
> The administrator of the network (it is San Peterburg state 
> University's
> net) wrote me on my complain that he does not want to clean 
> his infected
> machines and that he does not have any contract with my firm 
> so that i'm
> unable to ask him to clean these computers from where i got these
> attempts and unable to ask him anything.
> And he will scan me in any time if he wants, and i should not 
> ask him to
> stop that.
>
> So that i consider the net 195.70.202.0/24 as uncontrolled 
> one and block
> the network by my firewall and recommend all peoples do the same thing
>
> Pavel
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com