[unisog] Wanadoo.fr

Walter G. Aiello Walter.Aiello at Duke.edu
Wed Jun 18 17:54:51 GMT 2003


Greetings:

Wanadoo.fr has long been the source of persistent and obnoxious FTP port
scans, so after ascertaining that there was no valid traffic to or from
that network necessary our work, we finally blocked them at our firewall.

Note from a previous e-mail regarding Wanadoo:

Jordan Wiens provided a list of network blocks owned by
France Telecom (wanadoo.fr's parent company). Several posters
indicated that they were at least considering blocking all traffic
from these IP ranges.
----------------
80.9.0.0/16            193.252.0.0/16 except for:
80.11.0.0/16                193.252.4.0/24
80.12.0.0/19                192.252.16.0/24
80.12.32.0/20               192.252.17.0/24
80.12.48.0/23               192.252.18.0/24
80.12.128.0/20              193.252.64.0/19
80.12.144.0/22              193.252.96.0/21
80.12.148.0/23              193.252.112.0/20
80.13.0.0/16                193.252.150.0/23
80.14.0.0/16                193.252.150.0/23
80.15.140.0/24              193.252.152.0/21
193.248.0.0/16              193.252.160.0/22
193.249.0.0/17              193.252.224.0/19
193.249.160.0/19
193.249.224.0/19
193.250.0.0/16        193.253.0.0/16 except for:
193.251.0.0/18              193.253.0.0/20
193.251.64.0/19             193.253.64.0/18
193.251.176.0/20
217.128.0.0/16
213.56.224.0/21

Jeff Bollinger wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> We constantly receive attacks from the major French ISP, Wanadoo.fr and
> we continually sent complaints to abuse at wanadoo.fr.  Are other folks on
> the list receiving the same volume of attacks?  Of note, they typically
> have a host on the Internet Storm Center as a top attacker
> (http://isc.incidents.org/).  Has anyone actually blocked any/all of
> their subnets, or at the very least, received something more substantial
> than a canned reply?
> 
> Thanks,
> Jeff
> - --
> Jeff Bollinger, CISSP
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQE+8FUgvoVlxVBmgsURAre1AKDauNDmdbCzsoWdEv4GevMCCR7R1gCcCD++
> z7dODkK78qZJa4MI443BxuA=
> =eelB
> -----END PGP SIGNATURE-----
> 
> 
> 


-- 
Walter G. Aiello, Ph.D.
Manager, Network and Information Services
Magnetic Resonance Research Section
Box 3808, Department of Radiology
Duke University Medical Center

Walter.Aiello at Duke.edu
(919) 684 7519

Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s)
and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is
prohibited.  If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies
of the original message.



More information about the unisog mailing list