RE: [DNS] O/T: Nuking would-be intruders

From: Dhupelia, Prakash <PDhupelia§racq.com.au>
Date: Thu, 27 Jun 2002 09:42:07 +1000
I had the same issues, even with ZoneAlarm - however, ever since I installed
a router (a good one, e.g. Netgear RT 314), the intrusions disappeared - very
pleased with the security. For comfort you can run Black Ice as well.

I tested the router with a site that checks your accessibility and it passed
all tests.
Regards,
Prakash

-----Original Message-----
From: James Fiander [mailto:jfiander§nimblehost.com]
Sent: Thursday, 27 June 2002 2:33 AM
To: dns§lists.auda.org.au
Subject: RE: [DNS] O/T: Nuking would-be intruders


Note to self, Invent IP Seeking thermonuclear device....

-James

-----Original Message-----
From: Stephen Loosley [mailto:stephen§melbpc.org.au]
Sent: Thursday, June 27, 2002 12:52 AM
To: dns§lists.auda.org.au
Subject: [DNS] O/T: Nuking would-be intruders


Hi there ..

Advice, if possible ..

In the last hour the following IP addresses have attempted
to access this machine, via a wide variety of port numbers.

Doing a whois on them simply tells me they are re-assigned,
and, complaining results in various versions of auto response
emails, such as the one also copied below.

Question, what else can one do about such would-be intruders?

ZoneAlarm assures me that they wouldn't have seen me, but I'm
not satisfied with that. Any ideas on more direct ways of returning
the compliment, other than just complaining to their relevant whois
email contact address? Telnetting them gets nowhere. For example
an IP seeking thermonuclear device would be wonderfully satisfying.

--
This message is in response to the abuse report you sent to
abuse§venturesonline.com

Thank you very much for reporting this incident to Ventures Online. This is
an automatic response to let you know that we have received your report
regarding a Violation of our Terms and Conditions or Network Abuse issue
involving an account on Ventures Online's Network, and are taking the
necessary steps to resolve the situation.

Once our investigation is complete, appropriate action, in accordance with
our Terms and Conditions, will be taken against the offending account
immediately. Since the current volume of mail prohibits a personal reply to
all reports, unless additional information is required, this may be the only
response you will receive.

If you are reporting an abuse issue, (ie: spam, harassment, etc.) please
include the following to assist us in a prompt and full evaluation of your
report:

1) Original subject line. Please forward the email with a subject identical
to the original subject.
2) Complete headers. Email programs often display abbreviated headers.
Please consult your email program's help system for more information on
viewing full headers.
3) Complete message body. Please include the complete, unedited content of
the email message in question. Please do not change or edit the message in
any way.

If reports of email abuse are missing any one of these three items, it may
take longer for the Ventures Online Mail Abuse Team to properly investigate
and take appropriate action.

Please forward these reports of abuse to abuse§venturesonline.com.

Note:
If you are reporting an incident with pet.vosn.net, please note this has
been forged. pet.vosn.net has been taken off our network as of 4/15/2002;
despite this, some abuser is using this domain to forge mail. The source of
the email is not coming out of our network.

Here is an example:

Received: from 87.15.78.89 ([87.15.78.89]) by pet.vosn.net with local; Jun,
19 2002 2:59:19 AM +1200

If you perform an rwhois lookup on the source IP that is in brackets, you
will see that it is not assigned to us. Email forgery is a large problem,
and due to the number of complaints we will not reply to each request.


The best thing to do is perform a rwhois lookup
(http://ws.arin.net/cgi-bin/whois.pl)
and if there is a valid contact address please contact them.

However, this particular spammer often uses non-assigned blocks.
If you are having problems locating a source, please contact your mail
administrator and have him/her discover which server your mail
originated from.

Regards,
Ventures Online Support Team

http://venturesonline.com/info/policies.html
--

Thanks people
Stephen Loosley
Vermont Secondary


---------------------------------------------------------------------------
List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/
Please do not retransmit articles on this list without permission of the
author, further information at the above URL.  (319 subscribers.)


Received on Fri Oct 03 2003 - 00:00:00 UTC