This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] .gov .ru or .ch ?
- Previous message (by thread): [anti-abuse-wg] .gov .ru or .ch ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bengt Gördén
bengan at resilans.se
Fri Jun 30 10:13:20 CEST 2017
Den 2017-06-30 kl. 07:53, skrev ox: > Hi All, > > Frequently I see new exploits, old exploits, plain old brute force and > all scans from the same weird shell corporations. > (of course I collect exploits, specially 0day, as they are very useful) > > Usually when I report hacking/security abuse (like a main bot, etc) > most ISP's actually take a look and clean up, as it is bad for their > network to have this there anyway.... > > But there are 'bullet proof' hackers as complaints never do anything, > no matter how much logs and evidence is submitted. > > These are your government hackers, USA, China, Russia, etc. > > But, one of these bullet proof hackers is so k1dD13 that I have no > clue what it could be (as the stuff they run, will never work, even on > non patched servers/devices) - Yet complaints also have no result and > the modus operandi is always the same... They have distributed small > delegations, like /29 /28 /27 and on rare occasions a /26 and always > registered to Kansas, USA > > For example IP number 69.30.255.107 We've had our fare share of spam from them. The announcement spree seems to have started more or less in 2017 although the earlier announcements in 2005-2006 seems to have same pattern. Smaller prefixes also seems to be way back. Check the json-file for that. https://stat.ripe.net/widget/routing-history#w.resource=69.30.192.0/18 https://stat.ripe.net/data/routing-history/data.json?min_peers=0&resource=69.30.192.0%2F18 > > Has anyone experienced anything similar and does anyone know what type > of silly operation this is or what their goals could possibly be? > > Is it some AI learning thing? or a bit eater? or what? Due to the price model https://www.wholesaleinternet.net/ has I see it as just a heaven for spammers and black hats. Buy a virtual server for $10/month no question asked. Cheers, -- Bengt Gördén Resilans AB
- Previous message (by thread): [anti-abuse-wg] .gov .ru or .ch ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]