[Dshield] RIPE Network Coordination Centre
lionel.ferette at belnet.be
Tue May 10 16:13:34 GMT 2005
In the wise words of Chuck Lewis, on Tuesday 10 May 2005 17:19:
> I got some pretty intense hack attempts against our email server over the
> weekend. All unsuccessful ☺ But a number of them came from IP addresses
> what a whois traces back to RIPE Network Coordination Centre. And if you go
> there, they tell you to use whois at there domain to find them. They seem to
> be the source of a BUCNCH of attacks over the last months. Does reporting it
> to them do any good ? Anyone have any experience with them ?
Reporting incidents to RIPE is like reporting them to ARIN. IMHO, it's not
worth it. However, their whois server will give you more specific information
about the IP's that attacked you:
whois -h whois.ripe.net aaa.bbb.ccc.ddd
Moreover, they have implemented a so-called "irt-object", that gives you
specific incident-handling information. Of course, not every ISP has filled
those in, but there's some progress...
"To understand how progress failed to make our lives easier,
please press 3"
BELNET CERT Coordinator
Tel: +32 2 7903385 http://cert.belnet.be/
Fax: +33 2 7903375 PGP Key Id: 0x5662FD4B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050510/3e247804/attachment.bin
More information about the list