new crapware on the misconfigured loose. did we not just have a thread on frags? how long will it take the amateurs to learn about port 53? sigh randy Date: Sat, 17 Nov 2012 16:15:23 +0800 To: randy@psg.com From: Security Ops Center <security@communilink.net> Subject: Network abuse from attacker: 147.28.0.39 to 203.124.10.107(ID# 86329) Message-ID: <dda9f857e37eff2f1c53e3d60dcb12f6@localhost.localdomain> Dear Sir, We detected an attack/abuse to our network that come from an IP owned by your ASN. The IP of your network [ 147.28.0.39 ] was infected and sending attack to our network [ 203.124.10.107 ]. The following is the logs that you can take proper actions. [TimeZone: GMT +8] ================================================== 2012-11-17 20:21:30 Fragmented traffic! From 147.28.0.39:53 to 203.124.9.11:56958, 2012-11-17 20:37:56 Fragmented traffic! From 147.28.0.39:53 to 203.124.10.223:39843, 2012-11-17 20:37:56 Fragmented traffic! From 147.28.0.39:3600 to 203.124.10.223:20678, ... <hundreds of more lines> ================================================== Should you have any questions, please call us at +(852) 29980833. Please include the ticket number, ID#86329, in all communications on this issue. Thank you, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Security Ops Center - CommuniLink Internet Limited. security@communilink.net http://www.communilink.net 852.2998.0833 (voice) 852.2998.0899 (fax) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
LOL On 11/17/12 3:42 AM, Randy Bush wrote:
new crapware on the misconfigured loose. did we not just have a thread on frags? how long will it take the amateurs to learn about port 53?
sigh
randy
Date: Sat, 17 Nov 2012 16:15:23 +0800 To: randy@psg.com From: Security Ops Center <security@communilink.net> Subject: Network abuse from attacker: 147.28.0.39 to 203.124.10.107(ID# 86329) Message-ID: <dda9f857e37eff2f1c53e3d60dcb12f6@localhost.localdomain>
Dear Sir,
We detected an attack/abuse to our network that come from an IP owned by your ASN. The IP of your network [ 147.28.0.39 ] was infected and sending attack to our network [ 203.124.10.107 ].
The following is the logs that you can take proper actions. [TimeZone: GMT +8] ================================================== 2012-11-17 20:21:30 Fragmented traffic! From 147.28.0.39:53 to 203.124.9.11:56958, 2012-11-17 20:37:56 Fragmented traffic! From 147.28.0.39:53 to 203.124.10.223:39843, 2012-11-17 20:37:56 Fragmented traffic! From 147.28.0.39:3600 to 203.124.10.223:20678, ... <hundreds of more lines> ==================================================
Should you have any questions, please call us at +(852) 29980833. Please include the ticket number, ID#86329, in all communications on this issue.
Thank you,
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Security Ops Center - CommuniLink Internet Limited. security@communilink.net http://www.communilink.net 852.2998.0833 (voice) 852.2998.0899 (fax) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
On 11/17/12 1:42 AM, Randy Bush wrote:
new crapware on the misconfigured loose. did we not just have a thread on frags? how long will it take the amateurs to learn about port 53?
sigh
randy
Date: Sat, 17 Nov 2012 16:15:23 +0800 To: randy@psg.com From: Security Ops Center <security@communilink.net>
True call: "ZoneAlarm is telling me that your internet server is attacking my computer on port 53 with something called UDP. I told it to not allow the attack and now my internet doesn't work!" Don't know which is more funny - the broken/braindead software, or the fact its coming from a location of the world where the average response to abuse reports is "SPAM NO ILLEGAL, YOU NO BLOCK US." -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
participants (3)
-
Brielle Bruns
-
Manolo Hernandez
-
Randy Bush