This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Reporting abuse to OVH -- don't bother
- Previous message (by thread): [anti-abuse-wg] Reporting abuse to OVH -- don't bother
- Next message (by thread): [anti-abuse-wg] Reporting abuse to OVH -- don't bother
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex de Joode
alex at idgara.nl
Wed Feb 12 18:56:57 CET 2020
IPVolume/Incrediserv, are the new incantation of 'Ecatel'. 'Good luck' (try to peer with them and throttle the bw/ to 28k8 modem speed, lessens the impact somewhat).-- IDGARA | Alex de Joode | alex at idgara.nl | +31651108221 | Skype:adejoode On Wed, 12-02-2020 18h 50min, Javier Martín <javier.martin at centrored.net> wrote: > Hi all. This one of the abuse emails that cries out to heaven. There is an idiot who does not stop attacking us and does not answer the abuse email. Someone knows what to do in this cases? RIPE said that is nothing to do because there is not a "return from their server" to our email. This provider is full of spam, we banned all theirs ips. https://en.asytech.cn/check-ip/89.248.160.193 > https://ipinfo.io/AS202425 > It is very striking how a Seychelles provider with a new AS number can spam without limits. Kind regards. Javier > Sobre 12/02/2020 18:44:24, Alex de Joode <alex at idgara.nl> escribió: Alessandro, > The abuse notification below, is absolutely terrible: it only highlights the OVH IP that was used, however it completely fails to identify the IP/hostname that was "attacked", no action (other than forward the notice to the user of the IP) can be taken. > Please in the future include all relevant data in you abuse notice. (src+dst ip are relevant!) > > Thx.-- IDGARA | Alex de Joode | alex at idgara.nl | +31651108221 | Skype:adejoode > On Wed, 12-02-2020 13h 16min, Alessandro Vesely <vesely at tana.it> wrote:> > Dear Abuse Team > > The following abusive behavior from IP address under your constituency > 188.165.221.36 has been detected: > > 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack > > 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018 > > original data from the mail log: > 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534] > 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026] > 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198] > 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743] > 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520] > 2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200212/107085be/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Reporting abuse to OVH -- don't bother
- Next message (by thread): [anti-abuse-wg] Reporting abuse to OVH -- don't bother
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]