VanLUG Email Archive
Unfortunately you seemed to have forgotten about ARIN and whois, as well
as mutli-threaded IP range scanners. Yes, there are "collections" of
lists out there that are extremely out of date, but about the only
collection would be you local 2600 meeting, and those are what you think
they are.
Most ISPs now will respond.. some just don't give a fuck until it starts
costing them money. Thats one of the reasons why .au ISPs are responsive,
bandwidth is a couple dollars a gig more expensive up here, and that makes
it even more of a valuable commodity.
There's a simple way to do this of course, firewall them and tell them
about it. Why do you think the RBL is so effective? :)
--Vincent Janelle "MCSE = Must Consult Someone Experienced"
--http://random.gimp.org --mailto:random@gimp.org
On Fri, 2 Oct 1998, Raymond D. Mereniuk wrote:
> I figure these folks must all communicate in one common forum
> somewhere on the Internet. They must pass around lists of blocks
> of IP numbers. Otherwise you would expect the attacks/probes to
> continue on a regular distributed basis.
>
> I went through the logs for both systems and mailed log entries to
> every ISP involved and asked them to police their users. The US
> ISPs were all very responsive. One ISP in Sudbury ON responded,
> and Sympatico did not. The one Australian ISP, Ozemail responds
> real fast - I have dealt with them before. I even tried to
> communicate with system admins in South Korea, Japan, and "se"
> wherever that is.
>
> >From this, and previous, experience it appears a person must
> pursue action against perpetrators, or run a more secure version of
> Unix. Do you guys take action against all attacks/probes?