[LACNIC/Seguridad] Abuse contact of gvt.com.br not functioning

U.Mutlu security en mutluit.com
Lun Oct 15 12:42:14 BRT 2012 

Carlos Martinez wrote, On 10/14/2012 06:05 PM:
> I don't really understand your logic. You  blocked a CC of 170M people for a single domain.
>
> A more fine grained acl can be created I'm sure.

I admit it's not the best method, I too would prefer blocking
on a company/domain basis (or abuse-address basis), but that is
IMHO not possible with the standard tools we use (iptables with xtools/geoip).


> Sent from a mobile device
>
> On Oct 14, 2012, at 12:55 PM, "U.Mutlu" <security en mutluit.com> wrote:
>
>> We contacted that company many times, but they seem to cover and protect the hackers.
>>
>> Since we don't have any business contacts with BR we finally
>> came to the decision to block the whole of CC=BR (together with
>> some other countries like CC=CN) at the firewall level.
>>
>>
>> Arturo Servin wrote, On 10/11/2012 08:44 PM:
>>>
>>>     Have you tried a phone call of any of the tech, admin, billing and
>>> abouse contacts?
>>>
>>> Regards
>>> as
>>>
>>> On 11/10/2012 15:56, Ricardo Patara wrote:
>>>> Hello,
>>>>
>>>> Although, the abuse contact is also pointing to abuse en gvt.net in Registro.br (NIR in Brazil) database, there you will also find other contacts:
>>>>
>>>> operacao en gvt.com.br (routing contact)
>>>> registro en gvt.com.br (admin contact)
>>>>
>>>> Regards
>>>> --
>>>> Ricardo Patara
>>>>
>>>> Em 11/10/2012, ās 09:40, U.Mutlu <security en mutluit.com> escreveu:
>>>>
>>>>> Hello,
>>>>> the network abuse contact email address of the domain gvt.com.br,
>>>>> abuse en gvt.com.br in LACNIC WHOIS database, isn't functioning; all emails bounce:
>>>>> "
>>>>> SMAIL SMTP-Send FF = "gvt.net.br" SMTP = "mutluit.com" From = "security en mutluit.com" To = "abuse en gvt.net.br" Failed !
>>>>> SMTP-Error = "417 Temporary delivery error"
>>>>> SMTP-Server = "gvt.net.br"
>>>>> "
>>>>>
>>>>> This is not a temporary error, it is happening for several days/weeks now.
>>>>> I've sent emails to other email addresses of that company, but nothing happens.
>>>>>
>>>>> Which LACNIC section or email address is responsible for such issues
>>>>> of network operation and security?
>>>>>
>>>>> Regards,
>>>>> U.Mutlu

Más información sobre la lista de distribución Seguridad