nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica

From: Jay Ashworth <jra () baylink com>
Date: Tue, 4 Mar 2014 12:38:24 -0500 (EST)
----- Original Message -----

From: "Andrew Latham" <lathama () gmail com>



you wanted to say "blackhole those 5.45.72.0/22 and 5.45.76.0/22",



Jay is right, it is just the /32s at the moment... Dropping the /22s
could cause other sites to be blocked.

inetnum: 5.45.72.0 - 5.45.75.255
netname: INFERNO-NL-DE
descr: ********************************************************
descr: * We provide virtual and dedicated servers on this Subnet.
descr: *
descr: * Those services are self managed by our customers
descr: * therefore, we are not using this IP space ourselves
descr: * and it could be assigned to various end customers.
descr: *
descr: * In case of issues related with SPAM, Fraud,
descr: * Phishing, DDoS, portscans or others,
descr: * feel free to contact us with relevant info
descr: * and we will shut down this server: abuse () 3nt com
descr: ********************************************************
country: NL
admin-c: TNTS-RIPE
tech-c: TNTS-RIPE
status: ASSIGNED PA
mnt-by: MNT-3NT
mnt-routes: serverius-mnt
source: RIPE # Filtered


Though, for the record, I see I have ssh bruteforce in my logs this week
from 5.39.223.8; what it is with 5/8 this month?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
Previous By Date Next
Previous By Thread Next

Current thread: