r.fultonAUCKLAND.AC.NZ

• Next message: Laura Nuñez: "Re: Please help identify this traffic"
• Previous message: [ K o S a K ]: "DDOS ?"
• In reply to: Jan Muenther: "Re: big increase in ftp scanning"
• Next in thread: Andreas Ferber: "Re: big increase in ftp scanning"
• Next in thread: Dirk Meyer: "Re: big increase in ftp scanning"
• Reply: Russell Fulton: "Re: big increase in ftp scanning"
• Reply: Andreas Ferber: "Re: big increase in ftp scanning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 9 Nov 2000 11:04:28 +0100 Jan Muenther <janRADIO.HUNDERT6.DE>
wrote:

> Hi,
>
> > <aol>Me too</aol>. I have seen repeated DNS over TCP, ftp and other
> > scans from dip.t-dialin.net addresses. Complaints to abuset-ipnet.de
> > get zero response. In the end I just blocked 212.185.223.0/24.
>
> You should try and send your complaints to abuset-online.de.
> These guys generally do a good job, if you provide accurate logs.
> Might be more "responsive" if you talk to them in German, which I
> am willing to do in case you want me to.

I have also seen a lot of activity from this block -- latest is a ftp
scan of our entire /16 yesterday. I have always had automated
response followed by personal followup to my complaints to
abuset-online.de. In my complaints I alway supply accurate times (GPS
sync'ed) and actual log records. I suspect many ISP simply black hole
any report that does not have both.

That said we do see a lot of activity from this block so I do wonder
how effective their enforcemnet is.

Russell.

• Next message: Laura Nuñez: "Re: Please help identify this traffic"
• Previous message: [ K o S a K ]: "DDOS ?"
• In reply to: Jan Muenther: "Re: big increase in ftp scanning"
• Next in thread: Andreas Ferber: "Re: big increase in ftp scanning"
• Next in thread: Dirk Meyer: "Re: big increase in ftp scanning"
• Reply: Russell Fulton: "Re: big increase in ftp scanning"
• Reply: Andreas Ferber: "Re: big increase in ftp scanning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]