Attacks from poneytelecom.eu

• Previous message (by thread): Attacks from poneytelecom.eu
• Next message (by thread): Attacks from poneytelecom.eu
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mcikael,

1) As others have mentioned your AS seemingly has a history of tolerating
abuse. I know some of the other VPS players such as DO have automated
scripts that look for attacks and lock them out. I see you peer with them
perhaps they can share some scripts ;)
2) I went to the abuse URL you have posted and it just lands at your main
page.

The offending IP was 195.154.182.242. I checked two different boxes (one
our own range and another a hosted box elsewhere) and both have entries in
the last 3 days from that IP. Scans have been going on for at least the
last 48+ hours.





On Wed, Jan 3, 2018 at 2:47 AM, Mickael Marchand <mmarchand at corp.free.fr>
wrote:

> Hi Dovid,
>
> Just fill in our abuse form at https://abuse. <https://abuse.scaleway>
> online.net
>
> I know people feel these are not processed but they actually are (and
> human reviewed)
> we are improving our automated tracking of bad guys
> more reports come in, easier it is in the end.
>
> note that most IPs you report are rented per minute and it’s usually not
> the same account (but often the same IP as they are reused quickly I agree),
> we are working on killing these accounts as fast as we can
>
> we have a long awaited overall of our abuse system coming in the next
> months and additional global scale network security in the pipe (automated
> SIP scan detection and blocking is among them for example)
>
> regards
> Mik
>
>
> Le 3 janv. 2018 à 04:11, Ahad Aboss <ahad at swiftelnetworks.com> a écrit :
>
> Have you emailed their abuse or NOC teams with the attack logs from their
> IPs?
>
> Sometimes ISP servers or their customer CPEs are compromised without their
> knowledge.
>
> On Wed, 3 Jan 2018 at 1:56 pm, Dovid Bender <dovid at telecurve.com> wrote:
>
> Hi All,
>
> Lately we have seen a lot of attacks from IPs where the PTR record ends in
> poneytelecom.eu to PBX systems. A quick search on twitter (
> https://twitter.com/hashtag/poneytelecom) shows multiple people
> complaining
> that they reported the IP's yet nothing happens. Has anyone had the
> pleasure of dealing with them and have you gotten anywhere? I wonder if the
> only option is public shaming.
>
> I would rather not ban their AS as it may hurt legit traffic but I am out
> of ideas at this point....
>
> TIA.
>
> Dovid
>
>
> --
> Mickael Marchand,
> VP Network Scaleway - Online.net
> Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/
>
>
>
>

• Previous message (by thread): Attacks from poneytelecom.eu
• Next message (by thread): Attacks from poneytelecom.eu
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]