Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange accumulation of scans from Korea (KORNET/HANANET)

From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Wed, 14 Mar 2001 21:51:33 +0100
On Fri, 9 Mar 2001 09:38:30 -0500, John wrote:


I'm just observing a very strange accumulation of network scans from Korea.

[...]

I've notified the respective netblock owners and cc'ed the KR CERT.

[...]

 This same network has been scanning my network(s), for about
two weeks now. I have reported every scan, but had no luck in
hearing back from anyone. I have been busy lately, but I am
going to have an associate in Korea call them for me, as I am
located in the states.


Well, I *did* receive replies from KR-CERT, such as the following:


Thank you for informing us of this incident.
We will contact the offending site you mentioned. [211.208.172.152 ]

Best Regards,
xxxx, xxxxxxx(CERTCC-KR)
-----------------------
Tracking code [CERTCC-KR#xxxxxxxx] has been assigned to this incident. We
would appreciate being mailed or CCed any correspondence relating to
this incident. Please include the tracking code in the subject line.


One thing that really p*ss*s me off is that the scans from some of the hosts I
reported *still* continue... :-(

PS: Greetings to Tampa, I've got a cousin in Riverview...


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^
Previous By Date Next
Previous By Thread Next

Current thread: