FWD: RE: FW: Getting hacked by Digital Isle?
Christopher Wolff
chris at bblabs.com
Fri Oct 26 03:50:24 UTC 2001
Here is the official Digital Isle party line. The part that I like is

"3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days."

Several days? I'm wondering if I can send a bill to Digital Isle for beta testing their product on my time and bandwidth without even asking me.

Regards,
Christopher

---------- Original Message ----------------------------------
From: Sean Gleason <sgleason at digisle.net>
Date: Fri, 26 Oct 2001 01:02:21 +0000 (GMT)

Chris,

We apologize for any inconvenience caused by pings (ICMP_ECHO packets)
coming from our machines. Your server was being pinged as part of our
real-time "network weather" mapping system called Best Distributor
Selection. BDS is an essential part of Footprint, Digital Island's
intelligent network service offering. It is used to optimize
performance when your customers access the web resources of our
customers.

Many large web publishers, such as AOL, CNBC and Blue Mountain, use
our Footprint service to speed up the delivery of their web content.
Our system intelligently matches browsers to the servers on our
Footprint network that will provide the best performance. The dynamic
nature of routing and congestion on the Internet makes it necessary for
us to constantly update our maps.

Our network was pinging your system because it appeared to be a name
server with a sufficient number of resolution requests for our
customer web sites to be placed on the list of network nodes to be
constantly observed for Internet congestion.

By pinging your name server, we can provide better quality of service
to your users when they access the web sites of our expanding customer
list. We hope you will consider granting us permission to continue
pinging a name server in your domain.

Sandpiper Networks merged with Digital Island in December 1999, which
is why some of the machines pinging you were in digisle.net.

At this point you can:

1) Do nothing. Please accept our apologies and be assured that your
machines are not being pinged by a hostile party.

2) Tell us if there is an alternate name server in your IP address
space that you would like us to ping. We will direct future ping
traffic to it.

3) Respond to this message requesting we stop pinging your server. In
this event our pinging will cease in several days.

Regards,
Sean Gleason
Digital Island, Inc.

On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
> Hello, thank you for your response. Here are the source addresses.
>
> -----Original Message-----
> From: Sean Gleason [mailto:sgleason at digisle.net]
> Sent: Thursday, October 25, 2001 4:44 PM
> To: Christopher J. Wolff
> Cc: noc-team at digisle.net
> Subject: Re: FW: Getting hacked by Digital Isle?
>
>
>
>
> Could you provide me an IP address so we can investigate further.
>
> Sean Gleason ---- Digital Island
>
>
>
> On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
>
> >
> > I just received a log from my IDS claiming the following attack is taking
> > place from your network. If this is true what are you doing and why are you
> > ICMP flooding my primary name server.
> >
> >
> > Log entry:
> >
> > mailto:abuse at digisle.com for questions
> > This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring
> > performed by Digital Island Inc. It is not an attack. If you have
> > questions please contact
> > abuse at digisle.com
> >
> >
> > Regards,
> > Christopher J. Wolff, VP, CIO
> > Broadband Laboratories, Inc.
> > http://www.bblabs.com
> > email:chris at bblabs.com
> > phone:520.622.4338 x234
> >
>
>
>
>
>
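
One way to triage an IDS alert log of the kind discussed in this thread, as an added example that is not part of the original messages: it parses the alert layout and counts alerts per signature, per source and per minute, so a burst from one source can be told apart from low-rate probes spread over many sources. The sample lines, addresses, sensor name and the per-minute threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample alerts in the layout used by the IDS in this thread
# (signature, protocol, src:port, dst:port, sensor host, HH:MM, MM-DD).
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
IDS246/dos_dos-large-icmp ICMP 192.0.2.10:na 203.0.113.5:na ns1.example.net 17:30 10-25
IDS246/dos_dos-large-icmp ICMP 198.51.100.7:na 203.0.113.5:na ns1.example.net 17:29 10-25
IDS118/scan_Traceroute ICMP ICMP 192.0.2.44:na 203.0.113.5:na ns1.example.net 17:27 10-25
IDS171/icmp_ping zeros ICMP 198.51.100.3:na 203.0.113.5:na ns1.example.net 17:25 10-25
IDS171/icmp_ping zeros ICMP 198.51.100.3:na 203.0.113.5:na ns1.example.net 17:25 10-25
IDS171/icmp_ping zeros ICMP 198.51.100.3:na 203.0.113.5:na ns1.example.net 17:25 10-25
not an alert line
"""

# Signature names may contain spaces, so the signature is matched lazily
# up to the protocol column that directly precedes the source address.
ALERT = re.compile(
    r"^(?P<sig>IDS\d+/.+?)\s+ICMP\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):na\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):na\s+"
    r"(?P<sensor>\S+)\s+(?P<hhmm>\d\d:\d\d)\s+(?P<date>\d\d-\d\d)$"
)

def parse(text):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in text.splitlines():
        m = ALERT.match(line.strip())
        if m:
            yield m.groupdict()

def triage(text, per_source_per_minute=3):
    """Summarise alerts and list sources at or above the per-minute threshold."""
    alerts = list(parse(text))
    by_src_minute = Counter((a["src"], a["date"], a["hhmm"]) for a in alerts)
    by_minute = Counter((a["date"], a["hhmm"]) for a in alerts)
    noisy = sorted({src for (src, _, _), n in by_src_minute.items()
                    if n >= per_source_per_minute})
    return {
        "alerts": len(alerts),
        "distinct_sources": len({a["src"] for a in alerts}),
        "peak_alerts_per_minute": max(by_minute.values(), default=0),
        "by_signature": dict(Counter(a["sig"] for a in alerts)),
        "noisy_sources": noisy,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
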