nanog mailing list archives

Re: Attacks from poneytelecom.eu


From: Dovid Bender <dovid () telecurve com>
Date: Wed, 3 Jan 2018 03:00:31 -0500

Mickael,

1) As others have mentioned your AS seemingly has a history of tolerating
abuse. I know some of the other VPS players such as DO have automated
scripts that look for attacks and lock them out. I see you peer with them;
perhaps they can share some scripts ;)
2) I went to the abuse URL you have posted and it just lands at your main
page.

The offending IP was 195.154.182.242. I checked two different boxes (one
in our own range and another a hosted box elsewhere) and both have entries in
the last 3 days from that IP. Scans have been going on for at least the
last 48+ hours.





On Wed, Jan 3, 2018 at 2:47 AM, Mickael Marchand <mmarchand () corp free fr>
wrote:

Hi Dovid,

Just fill in our abuse form at https://abuse.online.net <https://abuse.scaleway>

I know people feel these are not processed but they actually are (and
human reviewed)
we are improving our automated tracking of bad guys
more reports come in, easier it is in the end.

note that most IPs you report are rented per minute and it’s usually not
the same account (but often the same IP as they are reused quickly I agree),
we are working on killing these accounts as fast as we can

we have a long awaited overhaul of our abuse system coming in the next
months and additional global scale network security in the pipe (automated
SIP scan detection and blocking is among them for example)

regards
Mik


On 3 Jan 2018 at 04:11, Ahad Aboss <ahad () swiftelnetworks com> wrote:

Have you emailed their abuse or NOC teams with the attack logs from their
IPs?

Sometimes ISP servers or their customer CPEs are compromised without their
knowledge.

On Wed, 3 Jan 2018 at 1:56 pm, Dovid Bender <dovid () telecurve com> wrote:

Hi All,

Lately we have seen a lot of attacks from IPs where the PTR record ends in
poneytelecom.eu to PBX systems. A quick search on twitter
(https://twitter.com/hashtag/poneytelecom) shows multiple people complaining
that they reported the IPs yet nothing happens. Has anyone had the
pleasure of dealing with them and have you gotten anywhere? I wonder if the
only option is public shaming.

I would rather not ban their AS as it may hurt legit traffic but I am out
of ideas at this point....

TIA.

Dovid


--
Mickael Marchand,
VP Network Scaleway - Online.net
Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/





