Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica

Jay Ashworth jra at baylink.com
Tue Mar 4 17:38:24 UTC 2014


----- Original Message -----
> From: "Andrew Latham" <lathama at gmail.com>

> > you wanted to say "blackhole those 5.45.72.0/22 and 5.45.76.0/22",

> Jay is right, it is just the /32s at the moment... Dropping the /22s
> could cause other sites to be blocked.
> 
> inetnum: 5.45.72.0 - 5.45.75.255
> netname: INFERNO-NL-DE
> descr: ********************************************************
> descr: * We provide virtual and dedicated servers on this Subnet.
> descr: *
> descr: * Those services are self managed by our customers
> descr: * therefore, we are not using this IP space ourselves
> descr: * and it could be assigned to various end customers.
> descr: *
> descr: * In case of issues related with SPAM, Fraud,
> descr: * Phishing, DDoS, portscans or others,
> descr: * feel free to contact us with relevant info
> descr: * and we will shut down this server: abuse at 3nt.com
> descr: ********************************************************
> country: NL
> admin-c: TNTS-RIPE
> tech-c: TNTS-RIPE
> status: ASSIGNED PA
> mnt-by: MNT-3NT
> mnt-routes: serverius-mnt
> source: RIPE # Filtered

Though, for the record, I see I have ssh bruteforce in my logs this week
from 5.39.223.8; what it is with 5/8 this month?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274



More information about the NANOG mailing list