|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: scan log and subsequent response from the host's ISP
From: Forrester, Mike (mforrester
HSACORP.NET)Date: Fri Jul 07 2000 - 11:57:08 CDT
- Next message: Brooke, O'Neil: "Re: scan log and subsequent response from the host's ISP"
- Previous message: Harlan S. Barney, Jr.: "Simultaneous Attacks"
- Maybe in reply to: Bradley Woodward: "scan log and subsequent response from the host's ISP"
- Next in thread: StrmShdw: "Re: scan log and subsequent response from the host's ISP"
- Next in thread: Brooke, O'Neil: "Re: scan log and subsequent response from the host's ISP"
- Maybe reply: Forrester, Mike: "Re: scan log and subsequent response from the host's ISP"
- Reply: StrmShdw: "Re: scan log and subsequent response from the host's ISP"
- Reply: Osvaldo Janeri Filho: "tin.it and others non collaborative isps."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
According to ripe.net, they own 212.216.0.0 - 212.216.255.255 so everyone
might want to block their whole range...
While poking around, I found several references to interbusiness.it as shown
near the end.
BTW - Does anyone know of a site that lists known 'rogue' ISP's and why they
are considered such?
Mike Forrester - Systems Security Engineer
High Speed Access Corp. - Denver, CO USA
mforresterhsacorp.net - +1 303 256 2134
From ripe.net:
inetnum: 212.216.0.0 - 212.216.255.255
netname: IT-TIN-980225
descr: Telecom Italia Net
descr: PROVIDER
country: IT
admin-c: EB339-RIPE
tech-c: DSF11
tech-c: MC4803-RIPE
tech-c: CC297-RIPE
tech-c: MP3870
tech-c: SP46-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: INTERB-MNT
changed: hostmasterripe.net 19980225
changed: hostmasterripe.net 19980226
changed: hostmasterripe.net 19980513
changed: hostmasterripe.net 19980914
changed: hostmasterripe.net 19980916
changed: hostmasterripe.net 19990316
changed: hostmasterripe.net 19990322
changed: hostmasterripe.net 20000128
changed: hostmasterripe.net 20000303
changed: hostmasterripe.net 20000316
source: RIPE
route: 212.216.0.0/16
descr: INTERBUSINESS
origin: AS3269
advisory: AS690 1:701 2:1800
mnt-by: INTERB-MNT
changed: cgiadmincgi.interbusiness.it 19980422
source: RIPE
> -----Original Message-----
> From: Dan Hollis [mailto:goemonSASAMI.ANIME.NET]
> Sent: Wednesday, July 05, 2000 5:08 PM
> To: INCIDENTSSECURITYFOCUS.COM
> Subject: Re: scan log and subsequent response from the host's ISP
>
>
> On Mon, 3 Jul 2000, Bradley Woodward wrote:
> > These scans are so common, I wouldn't bother posting them,
> except for the
> > rather disappointing response from the ISP's support
> department. I've
> > included an edited log file and email response.
>
> Hm time to blackhole route 212.216.184.0 - 212.216.191.255?
> Their response
> definitely makes them rogue.
>
> -Dan
>
- Next message: Brooke, O'Neil: "Re: scan log and subsequent response from the host's ISP"
- Previous message: Harlan S. Barney, Jr.: "Simultaneous Attacks"
- Maybe in reply to: Bradley Woodward: "scan log and subsequent response from the host's ISP"
- Next in thread: StrmShdw: "Re: scan log and subsequent response from the host's ISP"
- Next in thread: Brooke, O'Neil: "Re: scan log and subsequent response from the host's ISP"
- Maybe reply: Forrester, Mike: "Re: scan log and subsequent response from the host's ISP"
- Reply: StrmShdw: "Re: scan log and subsequent response from the host's ISP"
- Reply: Osvaldo Janeri Filho: "tin.it and others non collaborative isps."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]