[Dshield] shawcable

Tom dshield at oitc.com
Mon Oct 15 02:26:25 GMT 2007


At 5:46 PM -0600 10/14/07, Freek de Kruijf wrote:
>Op Thursday 11 October 2007 12:19:30 schreef Altadena Internet Hostmaster:
>>  On a completely separate subject, but still involving the attack
>>  correlation software, I note that my summary reports have LOTS of hits
>>  from close address ranges on shawcable.  Does the software treat these
>>  as all one attack (this is likely...) or not?
>
>Almost dayly I have a relatively large number of UDP packages coming from
>shawcable. Most of them going to port 1026, the rest going to ports a little
>higher.
>
>I have no clue whether these packages are really coming from shawcable or are
>spoofed.

shaw.ca is terrible on dealing with abuse reports. They change their 
abuse address and, as near as I can see, /dev/null many.  Their 
residentials are riddled with bots or leftover bots.

Tom


More information about the list mailing list