nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 (162.240.0.0/15)

From: Adam Blackington via NANOG <nanog () lists nanog org>
Date: Wed, 3 Sep 2025 21:59:34 -0400
Did you try any of the other Abuse email addresses associated with the ASN
(or their phone number)?
Also, do note that according to Bluehost's website, Abuse Notifications
should be sent to Newfold (*See *
https://www.bluehost.com/help/article/report-tos-violation; *See also *
https://www.newfold.com/abuse)

RAbuseHandle: ABUSE3581-ARIN
RAbuseName:   Abuse Department
RAbusePhone:  +1-888-401-4678
RAbuseEmail:  abuse () unifiedlayer com
RAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3581-ARIN


OrgAbuseHandle: EIGAB1-ARIN
OrgAbuseName:   EIG-Abuse Mitigation
OrgAbusePhone:  +1-877-659-6181
OrgAbuseEmail:  IARPOC () Newfold com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/EIGAB1-ARIN


https://bgp.he.net/AS46606#_whois


On Wed, Sep 3, 2025 at 9:21 PM Ryan Hamel via NANOG <nanog () lists nanog org>
wrote:


The better question is, why are you not filtering SSH to a known set of
source IPs, or have it protected behind a VPN? SSH can listen on other
ports besides 22.

Ryan Hamel

________________________________
From: Rich Kulawiec via NANOG <nanog () lists nanog org>
Sent: Wednesday, September 3, 2025 6:16 PM
To: nanog () lists nanog org <nanog () lists nanog org>
Cc: Rich Kulawiec <rsk () gsp org>
Subject: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 (
162.240.0.0/15)

Caution: This is an external email and may be malicious. Please take care
when clicking links or opening attachments.


Who puts a quota on an abuse mailbox...and then allows that quote to
be reached?


Date: Tue, 2 Sep 2025 12:38:24 +0000

Delivery has failed to these recipients or groups:

abuse () bluehost com<mailto:abuse () bluehost com>
The recipient's mailbox is full and can't accept messages now. Please

try r=

esending your message later, or contact the recipient directly.


I've got nothin': my usual string of exasperated profanities has failed me.

Anyway, y'all have attackers using various VPS instances on your network
to conduct coordinated brute-force ssh attacks, and you should make that
stop yesterday.

Details?  Logs?  Yes, yes, I know, I did try to send them to you -- but
see the above for the explanation covering why you didn't receive them.

Also: for the love of dog, fix this nonsense.

---rsk
_______________________________________________
NANOG mailing list

https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.nanog.org%2Farchives%2Flist%2Fnanog%40lists.nanog.org%2Fmessage%2F6CFCYFIP5FHUL4PBZQNOUV2SW6DNK44U%2F&data=05%7C02%7Cryan%40rkhtech.org%7Cf05604ad93864ad3683208ddeb50bcac%7C81c24bb4f9ec4739ba4d25c42594d996%7C0%7C0%7C638925454204425431%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=cqSu%2FCyWt1ABaddhNYQNDkCDwl5P55mPUPcuRgevZVc%3D&reserved=0
<
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/6CFCYFIP5FHUL4PBZQNOUV2SW6DNK44U/



_______________________________________________
NANOG mailing list

https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ORCF7T6IW7JE4B7WS3ZGG7B4CHFHPXTK/


_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/JCS3RNGHUSPG7JCUBS5GC4TKWZHSZMAG/
Previous By Date Next
Previous By Thread Next

Current thread: