Attacks from poneytelecom.eu

Tim Burke tb at tburke.us
Thu Jan 4 05:46:18 UTC 2018


AS12876 is online.net... home of the €2.99 physical server, perfect for all of your favorite illegitimate activity. I’m curious how much traffic originates from that ASN that is actually legitimate... probably close to none. 

Sent from my iPhone

> On Jan 3, 2018, at 1:35 AM, Troy Mursch <troy at wolvtech.com> wrote:
> 
> Dovid,
> 
> Back in September, I documented my poor experience with AS12876 here:
> https://badpackets.net/ongoing-large-scale-sip-attack-campaign-coming-from-online-sas-as12876/
> Since then, their handling of abuse notifications (or lack thereof) has
> largely remained the same. The volume of malicious traffic from their
> network hasn't decreased either.
> 
> As you noted, others have reported similar issues with AS12876, including
> my associate Dr. Neal Krawetz:
> https://twitter.com/hackerfactor/status/932593355648667649. I've also compiled a list of
> complaints regarding AS12876 in this thread:
> https://twitter.com/bad_packets/status/937220987371732992
> 
> 
> Thanks,
> __
> 
> *Troy Mursch*
> 
> @bad_packets <https://twitter.com/bad_packets>
> 
>> On Tue, Jan 2, 2018 at 6:51 PM, Dovid Bender <dovid at telecurve.com> wrote:
>> 
>> Hi All,
>> 
>> Lately we have seen a lot of attacks from IPs where the PTR record ends in
>> poneytelecom.eu to PBX systems. A quick search on Twitter
>> (https://twitter.com/hashtag/poneytelecom) shows multiple people complaining
>> that they reported the IPs yet nothing happens. Has anyone had the
>> pleasure of dealing with them and have you gotten anywhere? I wonder if the
>> only option is public shaming.
>> 
>> I would rather not ban their AS as it may hurt legit traffic but I am out
>> of ideas at this point....
>> 
>> TIA.
>> 
>> Dovid
>> 


More information about the NANOG mailing list