[Dshield] shawcable
Tom
dshield at oitc.com
Mon Oct 15 02:26:25 GMT 2007
At 5:46 PM -0600 10/14/07, Freek de Kruijf wrote:
>Op Thursday 11 October 2007 12:19:30 schreef Altadena Internet Hostmaster:
>> On a completely separate subject, but still involving the attack
>> correlation software, I note that my summary reports have LOTS of hits
>> from close address ranges on shawcable. Does the software treat these
>> as all one attack (this is likely...) or not?
>
>Almost dayly I have a relatively large number of UDP packages coming from
>shawcable. Most of them going to port 1026, the rest going to ports a little
>higher.
>
>I have no clue whether these packages are really coming from shawcable or are
>spoofed.
shaw.ca is terrible on dealing with abuse reports. They change their
abuse address and, as near as I can see, /dev/null many. Their
residentials are riddled with bots or leftover bots.
Tom
More information about the list
mailing list