Attacks from poneytelecom.eu

Fredrik Korsbäck hugge at nordu.net
Thu Jan 4 08:15:19 UTC 2018


Depends on what "legitimate" means.

We have a decent amount of traffic to the network (like 2Gbps sustained in any afternoon). It's typically a mix of
bittorrent, tor-relay traffic, ftp-transfers and of course the expected scanners, malware-hosts, ddos-bots and such.

For me Poney/Iliad/Online.net/Scaleway has always been a bulletproof hoster (or bulletproof transit even), the response
to abuse has always been NIL. I know tons of my customers just block out their whole ip-ranges in their SIP-servers and
email-machines to lessen the white-noise.

However - judging from the Online.net website it at least seems that they are trying to up their game and look like
something that would be attractive to a legitimate business to consider. On the other hand, looking at
http://as12876.net/ it looks more like something that would rather fit as a place where I put the shady stuff, so not
sure where on the map they fall these days.



> AS12876 is online.net... home of the €2.99 physical server, perfect for all of your favorite illegitimate activity. I’m curious how much traffic originates from that ASN that is actually legitimate... probably close to none.
> 
>> On Jan 3, 2018, at 1:35 AM, Troy Mursch <troy at wolvtech.com> wrote:
>>
>> Dovid,
>>
>> Back in September, I documented my poor experience with AS12876 here:
>> https://badpackets.net/ongoing-large-scale-sip-attack-campaign-coming-from-online-sas-as12876/
>> Since then, their handling of abuse notifications (or lack thereof) has
>> largely remained the same. The volume of malicious traffic from their
>> network hasn't decreased either.
>>
>> As you noted, others have reported similar issues with AS12876, including
>> my associate Dr. Neal Krawetz:
>> https://twitter.com/hackerfactor/status/932593355648667649. I've also
>> compiled a list of complaints regarding AS12876 in this thread:
>> https://twitter.com/bad_packets/status/937220987371732992
>>
>>
>> Thanks,
>> __
>>
>> *Troy Mursch*
>>
>> @bad_packets <https://twitter.com/bad_packets>
>>
>>> On Tue, Jan 2, 2018 at 6:51 PM, Dovid Bender <dovid at telecurve.com> wrote:
>>>
>>> Hi All,
>>>
>>> Lately we have seen a lot of attacks from IPs where the PTR record ends in
>>> poneytelecom.eu to PBX systems. A quick search on twitter
>>> (https://twitter.com/hashtag/poneytelecom) shows multiple people complaining
>>> that they reported the IPs yet nothing happens. Has anyone had the
>>> pleasure of dealing with them and have you gotten anywhere? I wonder if the
>>> only option is public shaming.
>>>
>>> I would rather not ban their AS as it may hurt legit traffic but I am out
>>> of ideas at this point....
>>>
>>> TIA.
>>>
>>> Dovid
>>>


-- 
hugge



