nanog mailing list archives

Re: Attacks from poneytelecom.eu


From: Troy Mursch <troy () wolvtech com>
Date: Tue, 2 Jan 2018 23:35:14 -0800

Dovid,

Back in September, I documented my poor experience with AS12876 here:
https://badpackets.net/ongoing-large-scale-sip-attack-campaign-coming-from-online-sas-as12876/
Since then, their handling of abuse notifications (or lack thereof) has
largely remained the same. The volume of malicious traffic from their
network hasn't decreased either.

As you noted, others have reported similar issues with AS12876, including
my associate Dr. Neal Krawetz:
https://twitter.com/hackerfactor/status/932593355648667649. I've also
compiled a list of complaints regarding AS12876 in this thread:
https://twitter.com/bad_packets/status/937220987371732992


Thanks,
__

*Troy Mursch*

@bad_packets <https://twitter.com/bad_packets>

On Tue, Jan 2, 2018 at 6:51 PM, Dovid Bender <dovid () telecurve com> wrote:

Hi All,

Lately we have seen a lot of attacks from IPs where the PTR record ends in
poneytelecom.eu to PBX systems. A quick search on Twitter
(https://twitter.com/hashtag/poneytelecom) shows multiple people complaining
that they reported the IPs yet nothing happens. Has anyone had the
pleasure of dealing with them and have you gotten anywhere? I wonder if the
only option is public shaming.

I would rather not ban their AS as it may hurt legit traffic but I am out
of ideas at this point....

TIA.

Dovid


