Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: scanning from WANADOO-CABLE-BD
From: "Jonkman, Matthew A." <Matthew.Jonkman () umb com>
Date: Sun, 2 Jun 2002 23:49:48 -0500 
These aren't new by any means. I've been getting ftp probes from that ISP
for over 2 years, that I can recall at least. And those on boxes all around
the globe.

I remember another thread on the subject on some other list. A lot of ISP
sysadmins were considering blackhole routing their nets. Nothing seems to
have come of it though.

It could be useful if there was a concerted effort underway to blackhole
them, or if a few major providers could be convinced to blackhole them on a
backbone somewhere. That's the kind of pressure it'll probably take to make
something happen.

Till then, I keep up on my patches and firewall rules. And will
thereafter....  :)

Matthew Jonkman, CISSP
Senior Data Security Engineer




-----Original Message-----
From: Hugo van der Kooij [mailto:hvdkooij () vanderkooij org] 
Sent: Sunday, June 02, 2002 1:17 PM
To: Incidents Mailing List
Subject: scanning from WANADOO-CABLE-BD


Hi,

Did others notice intensive scans from:
        inetnum:      213.17.86.0 - 213.17.89.255
        netname:      WANADOO-CABLE-BD
as well?

I got scans from several host resulting in plenty of lines in my log 
files. After sending a complaint I got an automated response claiming thay 
can not do a thing about it.

According to Dutch law and their AUP they can act upon the information but 
apparantly tell averyone they do not wish to do so.

I suggest any one of you that has seen scans from this netwok and received 
a similar message to complain pointing them to applicable Dutch law under 
the name "Wet computer criminaliteit" (computer crime law) as described 
under the section "compter terreur" (computer terror).

A sample of one of these prbes will be available on my website later.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]