Security Incidents mailing list archives

Re: "Quova.net" (Exodus downstream customer)


From: coldfire () CLOSED-NETWORKS COM (Cold Fire)
Date: Sat, 24 Jun 2000 01:49:23 +0100


On Thu, Jun 22, 2000 at 09:38:32PM -0500, Missouri FreeNet Administration wrote:
:And how I *love* to get lists I subscribe to trashed with ABUSE-mails.
:*blarhg*

Maybe you shouldn't be subscribed to abuse lists?

While I guess that incidents could be considered an 'abuse' list, I was
under the impression that this list was for the reporting of slightly
more serious incidents than "I was pinged". I don't want to start a
'what constitutes an attack' discussion, but if you seriously consider
a ping worthy of going to all this trouble you need to get out more!

By all means complain to the admin, but there is no need to subject
several thousand other people to your tirade against quova.com; it is
a waste of bandwidth and is a latter-day case of 'crying wolf'.

:seems the only thing resolving to exodus at all, is the reverse-dns-lookup of
:an IP ... the funny thing is, I cannot see how that can be quova.net's
:responsibility.  Anyone can choose anything as reverse-dns for an ip.   I could
:let one of my Ip's reserve to "lets.show.him" if I want - just edit the
:zonefile.

(1) According to ARIN, the IP in question is assigned to Exodus;

(2) According to *EXODUS* (1-888-2-Exodus, option #1), the IP has been
delegated to "a customer named Quova.com";

Surely that was the poster's point: it is allocated to exodus and you have
no substantial evidence that it has ever been used by quova.

(3) I find it informative that after what appears to be a slew of
complaints to Exodus (I have received various off-list copies of similar
complaints by other sites) Quova has apparently deleted the "stealth"
quote from their site entirely:  Too much heat?

(3) If, on the very slight chance you are not actually affiliated with the
creeps at Quova, you might find it informative to do a little more
homework:  Look up their corporate officers on the Quova web page, and
then search on these names.  What do you see?  A *LONG* string of
relationships (buyouts, partnerships, etc)  with Exodus.

:The point here is - you - measl () mfn org - are NOT showing how the IP you
:mention are in connection with quova.net .

Bzzzzt!  Wrong: See item #1 above.  Thanks for playing - now get lost.

Item number 1 says that it is allocated to exodus, thus:
Bzzzzt! Wrong, you are NOT showing how the IP you mention are in connection
with quova.net/

Could we stop the discussion on what is a pretty inconsequential scan?
I realise that a ping scan is often a prelude to an attack, but we have no
evidence of any attack in this case. If you do not want to be scanned, either
filter ICMP at your router or do not connect to a PUBLIC network!

Steve

--
'Cold Fire, Britains most notorious hacker' Observer, July 1997
'The most recent conviction was that of [Cold Fire] whose On-line
escapades spanned from hacking into educational sites to more
sinister activities such as tapping into industrial and United
States military sites.' DC Paul Cox, SO6 Scotland Yard CCU


