[unisog] Wanadoo.fr

Tom Perrine tep at sdsc.edu
Wed Jun 18 15:57:03 GMT 2003


>>>>> On Wed, 18 Jun 2003 10:37:36 -0500, Conor McGrath <conormc at uchicago.edu> said:

    CM> Jeff Bollinger once said:

    >> We constantly receive attacks from the major French ISP, Wanadoo.fr and
    >> we continually sent complaints to abuse at wanadoo.fr.  Are other folks on
    >> the list receiving the same volume of attacks?  Of note, they typically
    >> have a host on the Internet Storm Center as a top attacker
    >> (http://isc.incidents.org/).  Has anyone actually blocked any/all of
    >> their subnets, or at the very least, received something more substantial
    >> than a canned reply?

Nothing received from them in the last few years, IIRC.  I have been
told that wanadoo.fr is a large ISP that also has kiosk and walk-up IP
service (cafe-like?), and that much of this access is purchased with
cash and stored-value cards, e.g. completely anonymously.

    CM> We have been seeing every variety of scan from Wanadoo since before I
    CM> started here three years ago.  We have sent them hundreds of complaints
    CM> and have never received anything other than a canned response in
    CM> return.  As far as I know, they are a branch of France Telecom, which
    CM> is owned at least in part by the French gov't.  To be fair, however, we
    CM> also see a lot of attacks from various U.S. cable/DSL/telco netblocks
    CM> and we never get anything other than a canned response from them,
    CM> either.

Wanadoo, t-dialin.net, attbi.com, inter.net.il, comcast.net, and
revolution.hu are the most active as seen from here, in the last 7
days.

interbusiness.it was a common source over the past months, although
less often sighted in the past few weeks.

Its gotten to the point that in general, I *count* the probes at
best.  If they don't get in (and they haven't, not for a long while),
then its too low a priority to bother.

Sweeping generalization: The ISPs that will investigate and do
something are the same ones that are already preventing or limiting
abuse from their nets.  The ones that are allowing people to probe you
are too big, too busy, or have other internal issues.

-- 
Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 



More information about the unisog mailing list