RE: similar problems to (NET-MDC-NET)

["fuzzz" <fuzzz () charter net>]

similarly the University for which I am a System Security Analyst holds the
class B X.Y other X.x ranges continue to slam us with code red traffic
including Cisco of all people. Any attempts at communication via arin listed
contacts has proved useless. the 100 to 200 code red hits are camouflaging
another 20 or so other http exploits to the point where we are having some
difficulty sorting the other exploits from the noise.  Any rational
suggestions are welcome, we have decided Code-"fixit" would do more harm
than good reguardless of legal implicatoins.

fuzzz () webchoice net

-----Original Message-----
From: r.fulton () auckland ac nz [mailto:r.fulton () auckland ac nz]
Sent: Monday, September 10, 2001 4:54 PM
To: incidents () securityfocus com
Subject: Contact for McDonnell Douglas Corporation (NET-MDC-NET)


There are a whole bunch of code red II compromised boxes in 130.38/16.
I have tried contacting the address given by ARIN (below) but have not
had any response in well over a week.  Anyone have any other
suggestions on who to contact to get some action??

Cheers, Russell.

whois -h whois.arin.net 130.38
McDonnell Douglas Corporation (NET-MDC-NET)
   5701 Katella K34-4E
   Cypress, CA 90630
   US

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com