Hackers hijack 300,000-plus wireless routers, make malicious changes | Ars Technica

Jay Ashworth jra at baylink.com
Tue Mar 4 17:38:24 UTC 2014


----- Original Message -----
> From: "Andrew Latham" <lathama at gmail.com>

> > you wanted to say "blackhole those 5.45.72.0/22 and 5.45.76.0/22",

> Jay is right, it is just the /32s at the moment... Dropping the /22s
> could cause other sites to be blocked.
> 
> inetnum: 5.45.72.0 - 5.45.75.255
> netname: INFERNO-NL-DE
> descr: ********************************************************
> descr: * We provide virtual and dedicated servers on this Subnet.
> descr: *
> descr: * Those services are self managed by our customers
> descr: * therefore, we are not using this IP space ourselves
> descr: * and it could be assigned to various end customers.
> descr: *
> descr: * In case of issues related with SPAM, Fraud,
> descr: * Phishing, DDoS, portscans or others,
> descr: * feel free to contact us with relevant info
> descr: * and we will shut down this server: abuse at 3nt.com
> descr: ********************************************************
> country: NL
> admin-c: TNTS-RIPE
> tech-c: TNTS-RIPE
> status: ASSIGNED PA
> mnt-by: MNT-3NT
> mnt-routes: serverius-mnt
> source: RIPE # Filtered

Though, for the record, I see I have ssh bruteforce in my logs this week
from 5.39.223.8; what is it with 5/8 this month?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
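
Added example (not part of the original message): a short Python check of the /32 versus /22 trade-off discussed in the quoted reply. It parses the `inetnum` range from the whois object, counts how many addresses a prefix-wide drop would block beyond the known offenders, and reports which observed sources a block list misses. The offender addresses are constructed placeholders, not real indicators, and the function names are hypothetical.

```python
import ipaddress

# Excerpt of the whois object quoted in the message (quote markers stripped).
WHOIS = """\
inetnum: 5.45.72.0 - 5.45.75.255
netname: INFERNO-NL-DE
status: ASSIGNED PA
"""

# Constructed placeholder /32s inside the range; NOT real indicators.
OFFENDERS = ["5.45.72.10", "5.45.75.200"]


def inetnum_to_cidrs(whois_text):
    """Return the CIDR blocks that exactly cover the object's inetnum range."""
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "inetnum":
            first, last = (ipaddress.ip_address(p.strip())
                           for p in value.split("-"))
            return list(ipaddress.summarize_address_range(first, last))
    raise ValueError("no inetnum attribute found")


def collateral(block, offenders):
    """Count addresses inside `block` that are not known offenders."""
    net = ipaddress.ip_network(block)
    hits = {ipaddress.ip_address(o) for o in offenders}
    return net.num_addresses - sum(1 for h in hits if h in net)


def uncovered(blocks, sources):
    """Return the observed sources that no entry in `blocks` would drop."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [s for s in sources
            if not any(ipaddress.ip_address(s) in n for n in nets)]


if __name__ == "__main__":
    cidr = inetnum_to_cidrs(WHOIS)[0]
    print("whois range covers:", cidr)
    print("non-offender addresses dropped by the /22:",
          collateral(cidr, OFFENDERS))
    print("non-offender addresses dropped by /32 entries: 0")
    # The ssh brute-force source mentioned in the message is outside both /22s.
    print("not covered:",
          uncovered(["5.45.72.0/22", "5.45.76.0/22"], ["5.39.223.8"]))
```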



