Home page logo
/

nanog logo nanog mailing list archives

Edge 1 Networks/Williams Communications Group
From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 04 Aug 2003 22:26:02 -0400


After several run-ins with Edge 1 Networks [69.44.28.0/22] having their machines "hijack" victim machines on our networks infected with Jeem, and then making their spam runs, I've had it. I have reported both to Edge 1 and their parent Williams Communications Group [AS7911] with no result and I will be blocking Edge 1 [in theory, AS29986, but no doubt private spewage from WCG.NET).

They hijacked a Jeem proxy on July 17th, it was shut down. The help desk thought they had cleaned it up, but within 30 mins of placing it back online again, Edge 1 grabbed it again. I brought it into the lab with a sniffer, rebooted (new IP), and Edge 1 picked it up within 10 minutes and began spam/proxying.

This past Sunday, a similarly Jeem'ed machine was hijacked by the same Edge 1 block (numerous machines in the Edge 1 block, mind you) and due to me being out of the office it wasn't noticed and shutdown until Tuesday, after a little over a half million proxied spams.

Are these people just totally off-the-wall?  Google searches seem to concur.

I am awaiting confirmation that ALL the proxies originated from Edge 1 (takes a while to churn through those gigs of pix logs).

Jeff Kell
University of Tennessee, Chattanooga


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]