[Dshield] RIPE Network Coordination Centre

Lionel Ferette lionel.ferette at belnet.be
Tue May 10 16:13:34 GMT 2005


Hello Chuck,

In the wise words of Chuck Lewis, on Tuesday 10 May 2005 17:19:
> I got some pretty intense hack attempts against our email server over the
> weekend.  All unsuccessful ☺ But a number of them came from IP addresses
> what a whois traces back to RIPE Network Coordination Centre. And if you go
> there, they tell you to use whois at there domain to find them. They seem to
> be the source of a BUCNCH of attacks over the last months. Does reporting it
> to them do any good ? Anyone have any experience with them ?     
Reporting incidents to RIPE is like reporting them to ARIN. IMHO, it's not 
worth it. However, their whois server will give you more specific information 
about the IP's that attacked you:
whois -h whois.ripe.net aaa.bbb.ccc.ddd

Moreover, they have implemented a so-called "irt-object", that gives you 
specific incident-handling information. Of course, not every ISP has filled 
those in, but there's some progress...

HTH,

Lionel

-- 
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385                  http://cert.belnet.be/
Fax: +33 2 7903375                  PGP Key Id: 0x5662FD4B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050510/3e247804/attachment.bin


More information about the list mailing list