Security Incidents
mailing list archives
Re: big increase in ftp scanning
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sun, 12 Nov 2000 13:19:51 +1300
On Thu, 9 Nov 2000 11:04:28 +0100 Jan Muenther <jan () RADIO HUNDERT6 DE>
wrote:
Hi,
<aol>Me too</aol>. I have seen repeated DNS over TCP, ftp and other
scans from dip.t-dialin.net addresses. Complaints to abuse () t-ipnet de
get zero response. In the end I just blocked 212.185.223.0/24.
You should try and send your complaints to abuse () t-online de
These guys generally do a good job, if you provide accurate logs.
Might be more "responsive" if you talk to them in German, which I
am willing to do in case you want me to.
I have also seen a lot of activity from this block -- latest is a ftp
scan of our entire /16 yesterday. I have always had automated
response followed by personal followup to my complaints to
abuse () t-online de. In my complaints I always supply accurate times (GPS
sync'ed) and actual log records. I suspect many ISPs simply black hole
any report that does not have both.
That said we do see a lot of activity from this block so I do wonder
how effective their enforcement is.
Russell.