Edge 1 Networks/Williams Communications Group
From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 04 Aug 2003 22:26:02 -0400

After several run-ins with Edge 1 Networks [126.96.36.199/22] having their
machines "hijack" victim machines on our networks infected with Jeem,
and then making their spam runs, I've had it. I have reported both to
Edge 1 and their parent Williams Communications Group [AS7911] with no
result and I will be blocking Edge 1 [in theory, AS29986, but no doubt
private spewage from WCG.NET].

They hijacked a Jeem proxy on July 17th; it was shut down. The help
desk thought they had cleaned it up, but within 30 mins of placing it
back online again, Edge 1 grabbed it again. I brought it into the lab
with a sniffer, rebooted (new IP), and Edge 1 picked it up within 10
minutes and began spam/proxying.

This past Sunday, a similarly Jeem'ed machine was hijacked by the same
Edge 1 block (numerous machines in the Edge 1 block, mind you) and due
to me being out of the office it wasn't noticed and shut down until
Tuesday, after a little over a half million proxied spams.

Are these people just totally off-the-wall? Google searches seem to concur.

I am awaiting confirmation that ALL the proxies originated from Edge 1
(takes a while to churn through those gigs of PIX logs).

University of Tennessee, Chattanooga