[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OT] after portscan

To: misc@openbsd.org
Subject: Re: [OT] after portscan
From: Dave Taira <bodhi@hagakure.org>
Date: Tue, 5 Sep 2000 10:26:14 -0700 (PDT)

On Tue, 5 Sep 2000, Denis A. Doroshenko wrote:

> On Tue, Sep 05, 2000 at 11:47:32AM +0200, ISM Kolemanov, Ivan wrote:
> > 
> > but what I have to do in such a situations,
> > probably I have to contact his ISP?
> 
> honestly i dunno, and would like to see comments about some common
> practice.

The practice that's probably the most common is to ignore it, unless
you think you're the specific[0] target.

> > and how to define it?
> 
> i'd do "dig -x 211.34.121.57 soa", that results in:

Ooh, good call. I was going to suggest `whois -a 211.34.121.57`, but
that relies upon ISPs correctly getting the whois delegation done.
And since incorrect whois data doesn't break things for customers,
it tends to be a low priority.

> so it seems krnic.net (korean ISP?) is authoritative for that range
> of IP addresses. abuse@krnic.net is the way to go?

On the other hand, `whois krnic.net` shows:

Registrant:
Korea Network Information Center (KRNIC-DOM)
   14f NARA Bldg. 1328-3 Socho-Dong Socho-Gu
   Seoul, 137-070
   KR

In general, when I send off complaints, I try "abuse@" first. If that
doesn't exist, then I try "root@" for network issues, or "postmaster@"
for spam. If you're lucky, and the organization is professional (and
speaks English![1]), you may get a response. But bear in mind there
are a lot of organizations that may not be all that organized, and may
not have an abuse address, and in some cases, may not even read their
root mail.

In general, if I have the time, I will make an effort to send the
information to the right people. And if I feel that I'm being harassed
or attacked, I'll make the time. But if I'm busy, I'll ignore them.
(Rationalizing that someone else getting hit will have the time.)

[0] That is, they're attacking *you*, and not just scanning huge ranges
    of IPs.
[1] No, that's not a slam. It's a real issue. An ongoing project of MAPS
    is to get translations for closing open mail relays.

+------------------------------------------------------------------------+
| Dave Taira <bodhi@hagakure.org>                2000.09.05/10:26:14 PDT |
+------------------------------------------------------------------------+
| TV doesn't make you stupid. God made you stupid.                       |
|                                                               --Andr00 |
+------------------------------------------------------------------------+

References:
- Re: [OT] after portscan
  - From: "Denis A. Doroshenko" <d.doroshenko@omnitel.net>

Prev by Date: Re: 64-bit Architecture
Next by Date: Re: problems booting OpenBSD without keyboard
Prev by thread: Re: [OT] after portscan
Next by thread: Re: [OT] after portscan
Index(es):
- Date
- Thread