[unisog] Wanadoo.fr

Peter Van Epp vanepp at sfu.ca
Wed Jun 18 15:42:38 GMT 2003

On Wed, Jun 18, 2003 at 08:03:45AM -0400, Jeff Bollinger wrote:
> Hash: SHA1
> We constantly receive attacks from the major French ISP, Wanadoo.fr and
> we continually sent complaints to abuse at wanadoo.fr.  Are other folks on
> the list receiving the same volume of attacks?  Of note, they typically
> have a host on the Internet Storm Center as a top attacker
> (http://isc.incidents.org/).  Has anyone actually blocked any/all of
> their subnets, or at the very least, received something more substantial
> than a canned reply?
> Thanks,
> Jeff

	Yep, we see lots of attempts from wanadoo.fr and much of the traffic
to/from compromised machines comes from that area, so much so that accesses
from there are an automatic warning sign to look closer at the argus logs
even if a breach hasn't been flagged (although lately that has been as much
P2P traffic as compomises :-) ). The killer for us is some bozo from
tdial.net in Germany though, he is usually the instigator of the successful
compromises. I've never even gotten a canned repy from tdial however. I often
dream about blocking their entire netblock, but argus tells me that there is
valid traffic coming from their range and I'll never get it approved so we 
play whack the mole instead (the volume isn't that high so far but has been
persistant for years).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list