On Fri, 28 Apr 2000 dhudes@hudes.org wrote:

The breakin attempts on my server have come from Taiwan and Korea when using portmap-based breakins; a number of US-based (@home etc.) have tried to abuse samba. I have tried to notify the Taiwan and Korean networks involved to no avail. I am in process of creating auto-counterattack tools that will determine the allocation range and, assuming I have at least as much or more bandwidth (presumably I'm dealing with an ISP serving dialup customers), launch floods of packets at the offending netblock (and hopefully find and attack the NAS by sending stuff to the RADIUS ports) and any other counterattacks to make life miserable so the offending ISP has a motive to fix things (i.e. beat them on the head until they behave). Every good set of tools needs overall purpose, this will result in enhanced WHOIS tools and probably a web page on security tools.

Uhhhh, floods? I guess it's time to flood UUnet, Qwest, Sprint, or any other misconfigured network out there. :)

The samba breakins I have to create a script to peel out the breakins and send notifications.

Much better...

On Fri, 28 Apr 2000, Omachonu Ogali wrote:

...

So pretty much, you wish to create many different Internet 'islands' by isolating networks that are assigned address space from APNIC and RIPE?

By doing so you threaten e-commerce and the businesses of many who receive their international customers via the Internet and yet this is effective.

As communication overseas advances in the physical world, you'd further hinder the advancement of the Internet, give ISP's no other choice than cutting their many trans-Atlantic fiber links, and those who wish to keep their links up have to rely on the other side to not be angered and pull the plug on their side, yet this is effective.

Take a look at Attrition.org's defacement archive, the majority of the defacers are from the United States, and a lesser crowd from APNIC/RIPE networks, I can't speak on credit card fraud, but should we in turn go around segregating the ARIN networks due to internal misuse, would that be 'effective' to you?

On Thu, 27 Apr 2000, Universal Rundle wrote:

...

I'd venture to say that this is the result of the following phenomena:

Block all APNIC and RIPE assigned networks at the border and all of the sudden, hack attempts and CC fraud disappear.

It's fan-%^&#ing-tasticly simple to do and so very effective.

...

From: "Igor V. Vorontsov" <iv@akcecc.net> To: nanog@merit.edu Subject: ICQ & AOL Date: Thu, 27 Apr 2000 13:35:10 +0300 (EEST)

Hello colleque,

Sorry my English.

If engeneers from AOL or ICQ is present here...

Many pople from Russia and Ukraine can't connect to your service. Your engeeners was closed many networks from Russia and Ukraine. But why? Many people from our country was usable service ICQ, but now this service is closed for them.

Please open for your service our networks and resolve this problem. One of them - network 193.227.207.0/24

Igor V. Vorontsov IV144-RIPE

________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

-- +-------------------------------------------------------------------------+ | Omachonu Ogali oogali@intranova.net | | Intranova Networking Group http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-------------------------------------------------------------------------+