Security Incidents mailing list archives

RE: China Experience ?

From: Curley Mr Eric P <CurleyEP () NOC USMC MIL>
Date: Mon, 22 Jul 2002 13:20:00 -0400

When you are referring to black hole do you mean Black Hat (bad guys) list?
CHINANET is a very big offender when it comes to Incident based activity.
Now take into account that that does not mean that is where the attack is
originating from.  It also does not mean that the sysadmin's are ignoring
abuse complaints; there are usually massive amounts of incidents that this
region has to attend to and there is usually a lack of personnel or
knowledge to compensate for the demand.  Other subnets to look out for are
from Korea, Taiwan and Hong Kong.  I have seen many incidents coming from
these netblocks as well. Performing Arin lookup's and IP index research will
give you a quantitive list of IP's to keep an eye on after incidents occur.

-----Original Message-----
From: incidents.nospam13 () web-cities net
[mailto:incidents.nospam13 () web-cities net]
Sent: Monday, July 22, 2002 12:40 PM
Cc: incidents () securityfocus com
Subject: Re: China Experience ?


How many of you blackhole ISP's?
I blackhole generic stuff like on the secure IOS templates but never really
considered this.
Anyone have a blackhole lists that they can share?

Regards,
Dr Bado.

----- Original Message -----
From: "Curley Mr Eric P" <CurleyEP () NOC USMC MIL>
To: <bonk () webchat chatsystems com>; "Bob DeRosier"
<bob.derosier () globalenglish net>
Cc: <incidents () securityfocus com>
Sent: Monday, July 22, 2002 5:22 AM
Subject: RE: China Experience ?

I'm going to have to agree with Bob on this one.  I know that most of us
like to go to the heart of the problem and contact the ISP's sysadmin in
times of abuse and policy issues but these subnet have been well known for
quite some time to be black hat sanctuaries.  I personal block all of

these

subnet's at the border.  If I don't do business with them then I don't

need

to see their traffic.  It has cleared up a lot of noise coming over the
wire.

Cheers,
Eric

-----Original Message-----
From: bonk () webchat chatsystems com [mailto:bonk () webchat chatsystems com]
Sent: Friday, July 19, 2002 9:41 PM
To: Bob DeRosier
Cc: incidents () securityfocus com
Subject: Re: China Experience ?

On Fri, 19 Jul 2002, Bob DeRosier wrote:


I am looking for information about dealing with the authorities in China
with regard to attack attempts.  Does anyone know what the procedure is,

who

to contact, what they do after they are contacted, any possible fallout

from

such an action ?


From a security standpoint, I've found that null routing all of their IP
space you can find is very benefecial.  In dealing with security and abuse
related issues for quite some time, I have never had China reply or take
any action so I've been forced to the extreme in the case with China (and
others).

Bob






=================================================
Travis
www.cyberabuse.org/crimewatch
Email: Bonk () chatsystems com | Bonk () cyberabuse org
=================================================
/"\
\ /
 X   ASCII Ribbon Campaign
/ \  Against HTML Email


--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

RE: China Experience ? Curley Mr Eric P (Jul 22)
- Re: China Experience ? incidents.nospam13 (Jul 22)
  - Re: China Experience ? Paul Gear (Jul 22)
- <Possible follow-ups>
- RE: China Experience ? Curley Mr Eric P (Jul 22)
- Re: China Experience ? SecurityPortal (Jul 23)
- Re: Re: China Experience ? kevin.chen (Jul 23)
  - Re: Re: China Experience ? Alif The Terrible (Jul 23)
    - Re: Re: China Experience ? Chris Brenton (Jul 23)
    - Re: China Experience ? euan (Jul 23)
    - Re: China Experience ? Jay D. Dyson (Jul 24)
    - Message not available
    - Re: China Experience ? euan (Jul 24)
    - Re: China Experience ? Chris Brenton (Jul 24)
    - Re: China Experience ? Ken Blinco (Jul 23)
    - Re: Re: China Experience ? Nick FitzGerald (Jul 24)

(Thread continues...)