Security Incidents mailing list archives
Re: Probe from UK Provider ?
From: arrigo () ALBOURNE COM (Arrigo Triulzi)
Date: Thu, 20 Jan 2000 23:32:07 +0000
Pauline van Winsen scripsit: [...] |i sent an email to abuse () demon co uk last year in october with little |success. they mumbled something about problems with hardware |mangling packets. sigh... Are you sure this is not another of those load-balancing tricks? All Demon users (I was one, notice the "was") get a web site, www.hostname.demon.co.uk, which is provided over their virtual web hosting service according to particular rules (high traffic puts you on a throttled subnet, etc.). They advertised on their magazine, Demon Dispatches, that they were now using "advanced cache technology" with "integrated mirroring" (translated: layer 3 switching and mirrors of big sites so that they become local) and so on. You can only reach a Demon subscriber's dialup host when they are dialled in so you should distinguish scans from a dialup host, generally, hostname.demon.co.uk, from their virtually hosted web site at www.hostname.demon.co.uk. Furthermore there have been reports of scans from punt-xx.mail.demon.net. These are Demon SMTP "kick" boxes which upload e-mail via SMTP when a user dials in. These I have no explanation for except that they might be spoofed IPs. Concerning Demon's security/abuse bunch when I was seeing packets from 192.168.x.y coming up through my dialin I reported them and they went off to work discovering that it was an AOL IM "feature" for keeping the line open. They had a word with AOL, AOL basically said "thank, have a nice day and don't bother us" so they firewalled. This was approx. 6 months ago. I stopped being a customer of theirs about a month ago so things might have changed. Ciao, Arrigo
Current thread:
- Re: IRC-bots: what are they for ?, (continued)
- Re: IRC-bots: what are they for ? tyler (Jan 12)
- Re: IRC-bots: what are they for ? David Brumley (Jan 12)
- Re: IRC-bots: what are they for ? The Undernet Bonk (Jan 12)
- Re: IRC-bots: what are they for ? Filip M. Gieszczykiewicz (Jan 12)
- Strange behaviour Belgarion of Riva (Jan 13)
- Re: Strange behaviour Richard Bejtlich (Jan 15)
- UDP probing [ trojan? ] mabrown () SECUREPIPE COM (Jan 17)
- Re: UDP probing [ trojan? ] Jose Nazario (Jan 18)
- Probe from UK Provider ? Duarte Cordeiro (Jan 18)
- Re: Probe from UK Provider ? Pauline van Winsen (Jan 19)
- Re: Probe from UK Provider ? Arrigo Triulzi (Jan 20)
- Re: Probe from UK Provider ? Gene Harris (Jan 20)
- Re: Probe from UK Provider ? Jason Witty (Jan 20)
- Solaris BSM Audit Logs Wozz (Jan 17)
- Re: Strange behaviour John Turner (Jan 17)
- SMTP bombing Kaupo Palo (Jan 18)
- Log tools? Chad Day (Jan 17)
- Re: Log tools? James Phillips (Jan 17)
- Re: Log tools? Gene Harris (Jan 18)
- Re: Log tools? Richard Trott (Jan 17)
- Re: Log tools? Pauline van Winsen (Jan 18)