Abuse reporting based on whois
fbsd_user
fbsd_user at a1poweruser.com
Sat May 22 11:33:56 PDT 2004
If the source ips are spoofed, what purpose do they do other than
consume bandwidth.
I believe the senders are script kiddies probing for know ports that
backdoors, spyware or Trojans are know to use.
-----Original Message-----
From: Florian Weimer [mailto:fw at deneb.enyo.de]
Sent: Saturday, May 22, 2004 2:09 PM
To: fbsd_user at a1poweruser.com
Cc: freebsd-isp at FreeBSD. ORG
Subject: Re: Abuse reporting based on whois
* fbsd user:
> My ipfilter firewall is blocking 35 to 150 un-solicited inbound
> port packets per minute coming from all over the world. I have an
> dynamic IP address assigned by my ISP, so I know the senders are
> scanning an whole subnet range of IP address for the ports they
are
> interested in. I have to pay for this background packet noise in
> bandwidth usage surcharges. I decided to research and try to
build
> an process to report this abuse to the ISP's who own the source IP
> address that is scanning the whole subnet ranges of IP address I
> belong to.
A significant part of those scans have spoofed source addresses.
Unless you complete a three-way handshake (for TCP scans only, of
course) and thus validate the source address, your observations are
probably not worth reporting.
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr,
yahoo.com.
More information about the freebsd-isp
mailing list