[LACNIC/Seguridad] Abuse contact of gvt.com.br not functioning

Arturo Servin aservin en lacnic.net
Lun Oct 15 12:48:30 BRT 2012 

	What do you mean it is not possible?

	What is your problem? Do you get SPAM or DDoS from gvt.com.br?

	It would be difficult to give an advise without knowing the problem.
But certainly blocking the whole .cc is not a clean/optimal/advisable
solution to say the least no matter the problem.

Regards,
as

On 15/10/2012 13:42, U.Mutlu wrote:
> Carlos Martinez wrote, On 10/14/2012 06:05 PM:
>> I don't really understand your logic. You  blocked a CC of 170M people
>> for a single domain.
>>
>> A more fine grained acl can be created I'm sure.
> 
> I admit it's not the best method, I too would prefer blocking
> on a company/domain basis (or abuse-address basis), but that is
> IMHO not possible with the standard tools we use (iptables with
> xtools/geoip).
> 
> 
>> Sent from a mobile device
>>
>> On Oct 14, 2012, at 12:55 PM, "U.Mutlu" <security en mutluit.com> wrote:
>>
>>> We contacted that company many times, but they seem to cover and
>>> protect the hackers.
>>>
>>> Since we don't have any business contacts with BR we finally
>>> came to the decision to block the whole of CC=BR (together with
>>> some other countries like CC=CN) at the firewall level.
>>>
>>>
>>> Arturo Servin wrote, On 10/11/2012 08:44 PM:
>>>>
>>>>     Have you tried a phone call of any of the tech, admin, billing and
>>>> abouse contacts?
>>>>
>>>> Regards
>>>> as
>>>>
>>>> On 11/10/2012 15:56, Ricardo Patara wrote:
>>>>> Hello,
>>>>>
>>>>> Although, the abuse contact is also pointing to abuse en gvt.net in
>>>>> Registro.br (NIR in Brazil) database, there you will also find
>>>>> other contacts:
>>>>>
>>>>> operacao en gvt.com.br (routing contact)
>>>>> registro en gvt.com.br (admin contact)
>>>>>
>>>>> Regards
>>>>> -- 
>>>>> Ricardo Patara
>>>>>
>>>>> Em 11/10/2012, ās 09:40, U.Mutlu <security en mutluit.com> escreveu:
>>>>>
>>>>>> Hello,
>>>>>> the network abuse contact email address of the domain gvt.com.br,
>>>>>> abuse en gvt.com.br in LACNIC WHOIS database, isn't functioning; all
>>>>>> emails bounce:
>>>>>> "
>>>>>> SMAIL SMTP-Send FF = "gvt.net.br" SMTP = "mutluit.com" From =
>>>>>> "security en mutluit.com" To = "abuse en gvt.net.br" Failed !
>>>>>> SMTP-Error = "417 Temporary delivery error"
>>>>>> SMTP-Server = "gvt.net.br"
>>>>>> "
>>>>>>
>>>>>> This is not a temporary error, it is happening for several
>>>>>> days/weeks now.
>>>>>> I've sent emails to other email addresses of that company, but
>>>>>> nothing happens.
>>>>>>
>>>>>> Which LACNIC section or email address is responsible for such issues
>>>>>> of network operation and security?
>>>>>>
>>>>>> Regards,
>>>>>> U.Mutlu
> 
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad

Más información sobre la lista de distribución Seguridad