[unisog] Wanadoo.fr

Geoff Poer gpoer at arizona.edu
Wed Jun 18 16:35:15 GMT 2003

Hash: SHA1

We actually block most of France, Korea and China. There are a few
occasions when we have had to open holes for people who need access
from those countries however it rarely happens.

Geoff Poer
University of Arizona
> -----Original Message-----
> From: Tom Perrine [mailto:tep at sdsc.edu]
> Sent: Wednesday, June 18, 2003 8:57 AM
> To: conormc at uchicago.edu
> Cc: jeff01 at email.unc.edu; unisog at sans.org
> Subject: Re: [unisog] Wanadoo.fr
> >>>>> On Wed, 18 Jun 2003 10:37:36 -0500, Conor McGrath
> <conormc at uchicago.edu> said:
>     CM> Jeff Bollinger once said:
>     >> We constantly receive attacks from the major French ISP,
> Wanadoo.fr and
>     >> we continually sent complaints to abuse at wanadoo.fr.  Are
> other folks on
>     >> the list receiving the same volume of attacks?  Of note,
> they typically
>     >> have a host on the Internet Storm Center as a top attacker
>     >> (http://isc.incidents.org/).  Has anyone actually blocked
> any/all of
>     >> their subnets, or at the very least, received something more
> substantial
>     >> than a canned reply?
> Nothing received from them in the last few years, IIRC.  I have
> been told that wanadoo.fr is a large ISP that also has kiosk and
> walk-up IP service (cafe-like?), and that much of this access is
> purchased with cash and stored-value cards, e.g. completely
> anonymously.
>     CM> We have been seeing every variety of scan from Wanadoo
> since before I
>     CM> started here three years ago.  We have sent them hundreds
> of complaints
>     CM> and have never received anything other than a canned
> response in 
>     CM> return.  As far as I know, they are a branch of France
> Telecom, which
>     CM> is owned at least in part by the French gov't.  To be fair,
> however, we
>     CM> also see a lot of attacks from various U.S. cable/DSL/telco
> netblocks
>     CM> and we never get anything other than a canned response from
> them, 
>     CM> either.
> Wanadoo, t-dialin.net, attbi.com, inter.net.il, comcast.net, and
> revolution.hu are the most active as seen from here, in the last 7
> days.
> interbusiness.it was a common source over the past months, although
> less often sighted in the past few weeks.
> Its gotten to the point that in general, I *count* the probes at
> best.  If they don't get in (and they haven't, not for a long
> while), then its too low a priority to bother.
> Sweeping generalization: The ISPs that will investigate and do
> something are the same ones that are already preventing or limiting
> abuse from their nets.  The ones that are allowing people to probe
> you are too big, too busy, or have other internal issues.
> --
> Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center
> http://www.sdsc.edu/~tep/     |

Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>


More information about the unisog mailing list