nanog mailing list archives

Re: Attacks from poneytelecom.eu


From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 3 Jan 2018 04:12:53 -0500

On Tue, Jan 02, 2018 at 11:35:14PM -0800, Troy Mursch wrote:
> Back in September, I documented my poor experience with AS12876 here:

[snip]

That AS has been originating brute-force attacks against ssh, pop, imap, etc.
for at least four years (and likely longer, but I didn't have older logs
handy).  It's also a persistent high-volume source of spam.  Its operators
are either thoroughly incompetent or fully complicit; there's no way to
tell from outside, and operationally it makes no difference.  So at minimum
I recommend blocking all connections from it to authenticated services
and refusing all SMTP traffic from rev.poneytelecom.eu and
rev.cloud.scaleway.com.

---rsk
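
Added example (not part of the original message): one way to audit a mail log for connections whose reverse DNS falls under the two suffixes named above, matching on label boundaries so lookalike names are not caught. The log lines, hostnames and addresses are constructed; the Postfix "connect from name[ip]" line format is the assumed input.

```python
import re

# Reverse-DNS suffixes named in the message above.
BLOCKED_SUFFIXES = ("rev.poneytelecom.eu", "rev.cloud.scaleway.com")

# Postfix smtpd logs each client as "connect from <name>[<ip>]".
# <name> is "unknown" when there is no PTR record or the PTR name does
# not resolve back to the client address.
CONNECT_RE = re.compile(r"connect from (?P<host>[^\s\[\]]+)\[(?P<ip>[^\]]+)\]")


def is_blocked(hostname, suffixes=BLOCKED_SUFFIXES):
    """True if hostname equals a blocked suffix or is a subdomain of one."""
    name = hostname.strip().rstrip(".").lower()
    # Compare on a label boundary: a bare endswith(suffix) would also
    # match "notrev.poneytelecom.eu".
    return any(name == s or name.endswith("." + s) for s in suffixes)


def flag_connections(lines):
    """Return (ip, hostname) for every logged connection from a blocked name."""
    hits = []
    for line in lines:
        m = CONNECT_RE.search(line)
        if m and is_blocked(m.group("host")):
            hits.append((m.group("ip"), m.group("host")))
    return hits


# Constructed sample log lines (documentation address ranges, made-up hosts).
SAMPLE_LOG = [
    "Jan  3 04:00:01 mx postfix/smtpd[2101]: connect from 192-0-2-10.rev.poneytelecom.eu[192.0.2.10]",
    "Jan  3 04:00:02 mx postfix/smtpd[2102]: connect from Host-7.REV.Cloud.Scaleway.Com[198.51.100.7]",
    "Jan  3 04:00:03 mx postfix/smtpd[2103]: connect from mail.example.org[203.0.113.5]",
    "Jan  3 04:00:04 mx postfix/smtpd[2104]: connect from notrev.poneytelecom.eu[203.0.113.6]",
    "Jan  3 04:00:05 mx postfix/smtpd[2105]: connect from rev.poneytelecom.eu.example.net[203.0.113.9]",
    "Jan  3 04:00:06 mx postfix/smtpd[2106]: connect from unknown[192.0.2.99]",
]

if __name__ == "__main__":
    for ip, host in flag_connections(SAMPLE_LOG):
        print(f"{ip}\t{host}")
```

The last sample line shows the limit of a name-based rule: a client with no verifiable PTR is logged as "unknown" and is not matched, so only an address-based block covers it.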

