[Dshield] Got 'em
dupape at bellatlantic.net
Mon Mar 3 18:29:41 GMT 2003
Somebody asked last week about the value of DShield. The following was only
possible because the aggregate numbers collected by DS made it clear that
this was not just some kid spamming my address and a few others for fun. By
having the data for the entire block it became evident that this was a
systematic effort. Furthermore, I was able to provide these numbers to
others, which gave the complaints a great deal more credibility.

I'm not obsessed with BlueTelegraph, but this is a case where we can really
do something. This is a domestic company that (based on the ports being
scanned) is probably looking for proxies to relay spam. So we not only get
rid of an attacker but also a possible large-scale spam generator.

Anyway, I had some time available last week. I got Cogent to drop the name
server and change some other things, which caused BT to change IPs.
Furthermore, whatever Cogent did caused these IPs to resolve to their real
owner, which is Aventis Pharma, and they took aggressive action, as did Verio,
which was passing all the traffic. We may actually be rid of them.

Apparently, Blue Telegraph was able to basically hijack this bandwidth.
If Aventis is smart, this may result in criminal charges.

Again, this was a couple of hours of effort on my part, but NONE of this
could have been done without DShield and Johannes' thousands of hours of
dedication to the community.