Security Incidents mailing list archives
Re: "Quova.net" (Exodus downstream customer)
From: coldfire () CLOSED-NETWORKS COM (Cold Fire)
Date: Sat, 24 Jun 2000 01:49:23 +0100
On Thu, Jun 22, 2000 at 09:38:32PM -0500, Missouri FreeNet Administration wrote:
:And how I *love* to get lists I subscribe to trashed with ABUSE-mails. :*blarhg* Maybe you shouldn't be subscribed to abuse lists?
While I guess that incidents could be considered a 'abuse' list, I was under the impression that this list was for the reporting of slightly more serious incidents than "I was pinged", I don't want to start a 'what consititutes an attack' discussion, but if you seriously consider a ping worthy of going to all this trouble you need to get out more! By all means complain to the admin, but there is no need to subject several thousand other people to your tirade against quova.com, it is a waste of bandwidth and is a lattereday case of 'crying wolf'
:seems the only thing resolving to exodus at all, is the reverse-dns-lookup of :an IP ... the funny thing is, I cannot see how that can be quova.net's :responsibility. Anyone can choose anything as reverse-dns for an ip. I could :let one of my Ip's reserve to "lets.show.him" if I want - just edit the :zonefile. (1) According to ARIN, the IP in question is assigned to Exodus; (2) According to *EXODUS* (1-888-2-Exodus, option #1), the IP has been delegated to "a customer named Quova.com";
Surely that was the posters point, it is allocated to exodus and you have no substaintial evidence that it has ever been used by quova.
(3) I find it informative that after what appears to be a slew of complaints to Exodus (I have received various off-list copies of similar complaints by other sites) Quova has apparently deleted the "stealth" quote from their site entirely: Too much heat? (3) If, on the very slight chance you are not actually affiliated with the creeps at Quova, you might find it informative to do a little more homework: Look up their corporate officers on the Quova web page, and then search on these names. What do you see? A *LONG* string of relationships (buyouts, partnerships, etc) with Exodus. :The point here is - you - measl () mfn org - are NOT showing how the IP you :mention are in connection with quova.net . Bzzzzt! Wrong: See item #1 above. Thanks for playing - now get lost.
Item number 1 says that it is allocated to exodus, thus: Bzzzzt! Wrong, you are NOT showing how the IP you mention are in connection with quova.net/ Could we stop the discusion on what is a pretty inconsequential scan, I realise that a ping scan is often a prelude to an attack, but we have no evidence of any attack in this case. If you do not want to be scanned, either filter ICMP at your router or do not connect to a PUBLIC network! Steve -- 'Cold Fire, Britains most notorious hacker' Observer, July 1997 'The most recent conviction was that of [Cold Fire] whose On-line escapades spanned from hacking into educational sites to more sinister activities such as tapping into industrial and United States military sites.' DC Paul Cox, SO6 Scotland Yard CCU
Current thread:
- "Quova.net" (Exodus downstream customer) Missouri FreeNet Administration (Jun 17)
- Re: Quova.net M J (Jun 20)
- Re: Quova.net Fabio Bastiglia Oliva (Jun 20)
- Re: Quova.net Brett Glass (Jun 20)
- Hacked by the script kiddie - an ordinary netadmin's day Jakub Urbanec (Jun 21)
- SV: Hacked by the script kiddie - an ordinary netadmin's day Kim C. Saxvik (Jun 23)
- Addendum: scanned - strange! Sir Scriptzalot (Jun 21)
- Re: Quova.net Fabio Bastiglia Oliva (Jun 20)
- Re: Quova.net Valdis Kletnieks (Jun 20)
- Re: Quova.net M J (Jun 20)
- <Possible follow-ups>
- Re: "Quova.net" (Exodus downstream customer) Rune Kristian Viken (Jun 20)
- Re: "Quova.net" (Exodus downstream customer) Missouri FreeNet Administration (Jun 22)
- Re: "Quova.net" (Exodus downstream customer) Cold Fire (Jun 23)
- Interesting research paper Alfred Huger (Jun 25)
- DOS attack Bogdan Catalin Donici (Jun 26)
- Re: "Quova.net" (Exodus downstream customer) Missouri FreeNet Administration (Jun 22)
- Re: "Quova.net" (Exodus downstream customer) Nicholas de Jong (Jun 20)