RE: [cobalt-users] dip.t-dialin.net IP Range

[Wayne Sagar <wsagar@xxxxxxxx>]

At 12:17 PM 4/30/01 -0400, you wrote:
>Block those, and you block these idiots. :) And, you could even write to
>d.kaufmann and ask him to tell his users to stop scanning, but that might
>incurr some wrath. It's easier just to drop them off the face of the planet.

Be very VERY careful who you write to within the European Internet Registry
IP users... we had one particulary bad episode with one of the people who
have an IP range out of them...

We were getting a lot of scans from one particular "client" of theirs, I
belive it was a cyber cafe somewhere "over there" I did the afore mentioned
steps to find their person in charge and wrote the "cease and desist"
message.. Well..apparantly, this was the person doing the scans!

Almost immediatly, my home machine began getting scanned, one machine on my
small network (belonging to a roomate) which has linux on it and was not
behind a software firewall got totally hammered by them... Our router
lights were on almost solid with the attack for hours.. even taking the
machine off line did not stop it.. then... My DSL provider got hit with a
several day DNS attack by *someone* whom they would not divulge the IP
address of, but I suspect was, the same group...

So.. moral of the story.. block the arseholes and don't send the letter! It
will do no good (likely) and may well issue them a challenge and make your
local system as well as your server a ripe target for them...

Wayne Sagar