Attacks from poneytelecom.eu
hugge at nordu.net
Thu Jan 4 08:15:19 UTC 2018
Depends on what "legitimate" means.
We have a decent amount of traffic to the network (like 2Gbps sustained in any afternoon). It's typically a mix of
bittorrent, tor-relay traffic, ftp-transfers and of course the expected scanners, malware-hosts, ddos-bots and such.
For me Poney/Iliad/Online.net/Scaleway has always been a bulletproof hoster (or bulletproof transit even), the response
to abuse has always been NIL. I know tons of my customers just block out their whole ip-ranges in their SIP-servers and
email-machines to lessen the white-noise.
However - judging from the Online.net website it at least seems that they are trying to up their game and look like
something that would be attractive to a legitimate business to consider. On the other hand, looking at
http://as12876.net/ it looks more like something that would rather fit as a place where I put the shady stuff, so not
sure where on the map they fall these days.
> AS12876 is online.net... home of the €2.99 physical server, perfect for all of your favorite illegitimate activity. I’m curious how much traffic originates from that ASN that is actually legitimate... probably close to none.
> Sent from my iPhone
>> On Jan 3, 2018, at 1:35 AM, Troy Mursch <troy at wolvtech.com> wrote:
>> Back in September, I documented my poor experience with AS12876 here:
>> Since then, their handling of abuse notifications (or lack thereof) has
>> largely remained the same. The volume of malicious traffic from their
>> network hasn't decreased either.
>> As you noted, others have reported similar issues with AS12876, including
>> my associate Dr. Neal Krawetz: https://twitter.com/hackerfactor/status/932593355648667649.
>> I've also compiled a list of
>> complaints regarding AS12876 in this thread: https://twitter.com/ba
>> *Troy Mursch*
>> @bad_packets <https://twitter.com/bad_packets>
>>> On Tue, Jan 2, 2018 at 6:51 PM, Dovid Bender <dovid at telecurve.com> wrote:
>>> Hi All,
>>> Lately we have seen a lot of attacks from IPs where the PTR record ends in
>>> poneytelecom.eu to PBX systems. A quick search on twitter (
>>> https://twitter.com/hashtag/poneytelecom) shows multiple people saying
>>> that they reported the IPs, yet nothing happens. Has anyone had the
>>> pleasure of dealing with them and have you gotten anywhere? I wonder if the
>>> only option is public shaming.
>>> I would rather not ban their AS as it may hurt legit traffic but I am out
>>> of ideas at this point....