Re: Cable and Wireless Security Contact?
Paul if you look closer you'll see they have pipes to not only CWUSA, but Abovenet and NetAccess. All of these providers are announcing the hijacked IP block. Richard ----- Original Message ----- From: "Paul" <paul@rusko.us> Date: Fri, 2 Jan 2004 10:55:29 -0500 To: "Daniel Roesen" <dr@cluenet.de>, <nanog@merit.edu> Subject: Re: Cable and Wireless Security Contact?
daniel,
they are a cw customer - http://www.fixedorbit.com/AS/20/AS20473.htm some of their gear is in the cw dc in jersey city.
paul
----- Original Message ----- From: "Daniel Roesen" <dr@cluenet.de> To: <nanog@merit.edu> Sent: Friday, January 02, 2004 8:50 AM Subject: Re: Cable and Wireless Security Contact?
On Fri, Jan 02, 2004 at 02:41:17PM +0800, Hijacked L wrote:
Could a security contact from C&W PLEASE contact me off list? This is very important! One of your customers, Net Transactions LLC
I don't see AS20473 being a C&W customer. Are you perhaps mixing up C&W and AboveNet?
Regards, Daniel
-- ____________________________________________________ Get your own Hello Kitty email @ www.sanriotown.com Powered by Outblaze
no need to look closer, im reasonably familiar with who they do business with. i was merely correcting the 'they are not a cw customer' statement. i wish whoever tries good luck in getting this filtered. paul ----- Original Message ----- From: "Richard Cocks" <investigator@hellokitty.com> To: "Paul" <paul@rusko.us>; "Daniel Roesen" <dr@cluenet.de>; <nanog@merit.edu> Sent: Sunday, January 04, 2004 6:40 PM Subject: Re: Cable and Wireless Security Contact?
Paul if you look closer you'll see they have pipes to not only CWUSA, but
Abovenet and NetAccess. All of these providers are announcing the hijacked IP block.
Richard
----- Original Message ----- From: "Paul" <paul@rusko.us> Date: Fri, 2 Jan 2004 10:55:29 -0500 To: "Daniel Roesen" <dr@cluenet.de>, <nanog@merit.edu> Subject: Re: Cable and Wireless Security Contact?
daniel,
they are a cw customer - http://www.fixedorbit.com/AS/20/AS20473.htm some of their gear is in the cw dc in jersey city.
paul
----- Original Message ----- From: "Daniel Roesen" <dr@cluenet.de> To: <nanog@merit.edu> Sent: Friday, January 02, 2004 8:50 AM Subject: Re: Cable and Wireless Security Contact?
On Fri, Jan 02, 2004 at 02:41:17PM +0800, Hijacked L wrote:
Could a security contact from C&W PLEASE contact me off list? This is very important! One of your customers, Net Transactions LLC
I don't see AS20473 being a C&W customer. Are you perhaps mixing up C&W and AboveNet?
Regards, Daniel
-- ____________________________________________________ Get your own Hello Kitty email @ www.sanriotown.com
Powered by Outblaze
On Mon, 05 Jan 2004 07:40:38 +0800 someone claiming to be "Richard Cocks" <investigator@hellokitty.com> wrote: {snip} For the record, neither that post, nor the earlier post which asserted a Sender name of "Hijacked-L" were from, or in any way authorised by me. I'm sure colleagues here are capable of header analysis, probably more so than I am, so I won't attempt to analyse them here, apart from this: nycmny1-ar7-4-46-056-062.nycmny1.elnk.dsl.genuity.net [4.46.56.62] dnsbl.njabl.org : BLOCKED [4.46.56.62] dnsbl.sorbs.net : BLOCKED -- Richard Cox
"Richard" == Richard Cox <Richard@mandarin.com> writes:
Richard> On Mon, 05 Jan 2004 07:40:38 +0800 someone claiming to be Richard> "Richard Cocks" <investigator@hellokitty.com> wrote: Richard> {snip} Richard> For the record, neither that post, nor the earlier post Richard> which asserted a Sender name of "Hijacked-L" were from, Richard> or in any way authorised by me. Richard, The account investigator@hellokitty.com has been terminated for a violation of our AUP. Richard> nycmny1-ar7-4-46-056-062.nycmny1.elnk.dsl.genuity.net Richard> [4.46.56.62] dnsbl.njabl.org : BLOCKED Richard> [4.46.56.62] dnsbl.sorbs.net : BLOCKED That's just because it is a dynamic IP. A previous post (the hijacked-l one I think) came from a roadrunner DSL line, also in new york. Might be interesting to find out which nanog poster 1. Lives in or around New York 2. Is interested in suppressing hijacked netblocks [both of which are really excellent things, in themselves] ... and ... 3. Is willing to forge another nanog poster's name in an attempt to stay anonymous, or maybe get around filters / nanog moderators etc. srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
"nanog in spoof name shocker!" On Mon, 5 Jan 2004, Suresh Ramasubramanian wrote:
"Richard" == Richard Cox <Richard@mandarin.com> writes:
Richard> On Mon, 05 Jan 2004 07:40:38 +0800 someone claiming to be Richard> "Richard Cocks" <investigator@hellokitty.com> wrote:
Richard> {snip}
Richard> For the record, neither that post, nor the earlier post Richard> which asserted a Sender name of "Hijacked-L" were from, Richard> or in any way authorised by me.
Richard,
The account investigator@hellokitty.com has been terminated for a violation of our AUP.
Richard> nycmny1-ar7-4-46-056-062.nycmny1.elnk.dsl.genuity.net Richard> [4.46.56.62] dnsbl.njabl.org : BLOCKED Richard> [4.46.56.62] dnsbl.sorbs.net : BLOCKED
That's just because it is a dynamic IP. A previous post (the hijacked-l one I think) came from a roadrunner DSL line, also in new york.
Might be interesting to find out which nanog poster
1. Lives in or around New York 2. Is interested in suppressing hijacked netblocks
[both of which are really excellent things, in themselves]
... and ...
3. Is willing to forge another nanog poster's name in an attempt to stay anonymous, or maybe get around filters / nanog moderators etc.
srs
participants (5)
-
Paul
-
Richard Cocks
-
Richard Cox
-
Stephen J. Wilcox
-
sureshï¼ outblaze.com