Information from an FTP violation this weekend.
Nanog; fyi.

APNIC / Excite / Home.net -

We have an ftp site running on 209.123.52.40 that is made writable at certain periods of time for anonymous users. Some of our customer's systems are programmed to send in bug reports, problem programs, etc at these times. One of these periods of time was this past Friday (4/20/01) from 6pm EST to Saturday afternoon at Noon. In that time period, a couple of hundred megs of movies / warez / crap was dropped onto the ftp site, and then the people that were (I presume) loading up the site got cut off.

Not only did the violator from 203.164.51.0/24 store illegal information on our ftp site, they also deleted everything that existed. Not anyone's fault there but our own, and no problem since there were backups, but just fyi that this stuff is happening out there from the reported networks.

Here's some information I collected from a .htaccess file in one of the directories that these <insert expletive here> left.

    <Limit GET>
    order allow,deny
    deny from 141.201.222.
    deny from 24.141.20.
    deny from 24.141.36.
    deny from 65.1.50.
    .
    .
    Bunch of Denies
    .
    allow from 203.164.51.
    deny from 203.164.3.
    deny from 62.30.0.
    .
    .
    Bunch of Denies
    .
    allow from all
    </Limit>

I run Portsentry on my FreeBSD firewall, which caught and denied this:

    987814775 - 04/20/2001 20:59:35 Host: www.uov.net/209.37.153.6 Port: 515 TCP Blocked

The swip info for the one allow statement in that htaccess file:

    [root]# whois -h whois.arin.net 203.164.51.0
    Asia Pacific Network Information Center (APNIC2)
    These addresses have been further assigned to Asia-Pacific users.
    Contact info can be found in the APNIC database,
    at WHOIS.APNIC.NET or http://www.apnic.net/
    Please do not send spam complaints to APNIC.
    AU

    Netname: APNIC-CIDR-BLK
    Netblock: 202.0.0.0 - 203.255.255.255
    Maintainer: AP

Gee - go figure - a cable modem ween

    [root]# whois -h whois.apnic.net 203.164.51.0
    % Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html

    inetnum: 203.164.48.0 - 203.164.51.255
    netname: ATHOME-AU-RIVRW-1
    descr: Infrastructure
    country: AU
    admin-c: HH85-AP
    tech-c: AI13-AP
    mnt-by: MAINT-AU-ATHOME
    changed: ipmgmt@excitehome.net 20000911
    source: APNIC

    person: Hostmaster Home Network Australia
    address: 100 Harris Street
    address: Pyrmont
    address: NSW 2009
    phone: +61 2 9005 1000
    fax-no: +61 2 9005 1076
    country: AU
    e-mail: hostmaster@homenetwork.com.au
    nic-hdl: HH85-AP
    mnt-by: MAINT-AU-ATHOME
    changed: judithh@corp.home.net 20000830
    source: APNIC

    person: ATHome-AU IP Mgmt
    address: 450 Broadway Street
    address: Redwood City, CA 94063
    address: US
    phone: +1-800-872-3595
    country: AU
    e-mail: ipmgmt@excitehome.neet
    nic-hdl: AI13-AP
    mnt-by: MAINT-AU-ATHOME
    changed: judithh@corp.home.net 20000830
    source: APNIC

Thanks,
Rick Smith
Director of Technical Services
Applied Tactical Systems (A division of Vertex Interactive, Inc.)
<http://www.atsworld.com> --- <http://www.vertexinteractive.com>
(973) 808 - 1750 x382
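How Apache's mod_access would evaluate the visible lines of the .htaccess quoted above, as an added example that is not part of the original post: under `order allow,deny` a matching deny overrides any allow, and a client matching no allow is refused. The function names and the test addresses are constructed for illustration, and the runs the poster elided as "Bunch of Denies" are not filled in.

```python
import ipaddress

# Visible lines of the .htaccess quoted in the post; the elided
# "Bunch of Denies" runs are deliberately not reconstructed.
HTACCESS = """\
<Limit GET>
order allow,deny
deny from 141.201.222.
deny from 24.141.20.
deny from 24.141.36.
deny from 65.1.50.
allow from 203.164.51.
deny from 203.164.3.
deny from 62.30.0.
allow from all
</Limit>
"""

def parse(text):
    """Return (order, allow_specs, deny_specs) from order/allow/deny lines."""
    order, allow, deny = "deny,allow", [], []   # mod_access default order
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0].lower() == "order":
            order = words[1].lower()
        elif len(words) == 3 and words[1].lower() == "from":
            {"allow": allow, "deny": deny}.get(words[0].lower(), []).append(words[2])
    return order, allow, deny

def matches(spec, ip):
    """'all' matches everything; a partial address matches on whole octets."""
    if spec.lower() == "all":
        return True
    octets = spec.rstrip(".").split(".")
    return str(ipaddress.IPv4Address(ip)).split(".")[:len(octets)] == octets

def permitted(text, ip):
    """Apply the Order semantics to one client address."""
    order, allow, deny = parse(text)
    allowed = any(matches(s, ip) for s in allow)
    denied = any(matches(s, ip) for s in deny)
    if order == "allow,deny":      # a matching Deny wins; no Allow match = refused
        return allowed and not denied
    return allowed or not denied   # deny,allow: a matching Allow wins

if __name__ == "__main__":
    # Constructed test addresses, one per interesting case.
    for ip in ("203.164.51.7", "203.164.3.9", "24.141.20.5", "198.51.100.10"):
        print(ip, "permitted" if permitted(HTACCESS, ip) else "refused")
```

With `allow from all` present, any address outside the listed deny prefixes is permitted, so the file works as a blocklist; without that line only 203.164.51. would get through.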
And I thought the Internet was such a friendly, welcoming environment.. maybe I should remove all my telnet guest logins from my servers and remove my credit card number from my homepage..

Steve

On Mon, 23 Apr 2001, Smith, Rick wrote:
Nanog; fyi.
APNIC / Excite / Home.net -
We have an ftp site running on 209.123.52.40 that is made writable at certain periods of time for anonymous users. Some of our customer's systems are programmed to send in bug reports, problem programs, etc at these times. One of these periods of time was this past Friday (4/20/01) from 6pm EST to Saturday afternoon at Noon. In that time period, a couple of hundred megs of movies / warez / crap was dropped onto the ftp site, and then the people that were (I presume) loading up the site got cut off.
Not only did the violator from 203.164.51.0/24 store illegal information on our ftp site, they also deleted everything that existed. Not anyone's fault there but our own, and no problem since there were backups, but just fyi that this stuff is happening out there from the reported networks.
Here's some information I collected from a .htaccess file in one of the directories that these <insert expletive here> left.

    <Limit GET>
    order allow,deny
    deny from 141.201.222.
    deny from 24.141.20.
    deny from 24.141.36.
    deny from 65.1.50.
    .
    .
    Bunch of Denies
    .
    allow from 203.164.51.
    deny from 203.164.3.
    deny from 62.30.0.
    .
    .
    Bunch of Denies
    .
    allow from all
    </Limit>

I run Portsentry on my FreeBSD firewall, which caught and denied this:

    987814775 - 04/20/2001 20:59:35 Host: www.uov.net/209.37.153.6 Port: 515 TCP Blocked
The swip info for the one allow statement in that htaccess file:
    [root]# whois -h whois.arin.net 203.164.51.0
    Asia Pacific Network Information Center (APNIC2)
    These addresses have been further assigned to Asia-Pacific users.
    Contact info can be found in the APNIC database,
    at WHOIS.APNIC.NET or http://www.apnic.net/
    Please do not send spam complaints to APNIC.
    AU

    Netname: APNIC-CIDR-BLK
    Netblock: 202.0.0.0 - 203.255.255.255
    Maintainer: AP
Gee - go figure - a cable modem ween
    [root]# whois -h whois.apnic.net 203.164.51.0
    % Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html

    inetnum: 203.164.48.0 - 203.164.51.255
    netname: ATHOME-AU-RIVRW-1
    descr: Infrastructure
    country: AU
    admin-c: HH85-AP
    tech-c: AI13-AP
    mnt-by: MAINT-AU-ATHOME
    changed: ipmgmt@excitehome.net 20000911
    source: APNIC

    person: Hostmaster Home Network Australia
    address: 100 Harris Street
    address: Pyrmont
    address: NSW 2009
    phone: +61 2 9005 1000
    fax-no: +61 2 9005 1076
    country: AU
    e-mail: hostmaster@homenetwork.com.au
    nic-hdl: HH85-AP
    mnt-by: MAINT-AU-ATHOME
    changed: judithh@corp.home.net 20000830
    source: APNIC

    person: ATHome-AU IP Mgmt
    address: 450 Broadway Street
    address: Redwood City, CA 94063
    address: US
    phone: +1-800-872-3595
    country: AU
    e-mail: ipmgmt@excitehome.neet
    nic-hdl: AI13-AP
    mnt-by: MAINT-AU-ATHOME
    changed: judithh@corp.home.net 20000830
    source: APNIC
Thanks,
Rick Smith
Director of Technical Services
Applied Tactical Systems (A division of Vertex Interactive, Inc.)
<http://www.atsworld.com> --- <http://www.vertexinteractive.com>
(973) 808 - 1750 x382
--
Stephen J. Wilcox
IP Services Manager, Opal Telecom
http://www.opaltelecom.co.uk/
Tel: 0161 222 2000
Fax: 0161 222 2008