[LACNIC/Seguridad] Abuse contact of gvt.com.br not functioning

U.Mutlu security en mutluit.com
Lun Oct 15 13:11:00 BRT 2012

Arturo Servin wrote, On 10/15/2012 05:48 PM:
> 	What do you mean it is not possible?
> 	What is your problem? Do you get SPAM or DDoS from gvt.com.br?
> 	It would be difficult to give an advise without knowing the problem.
> But certainly blocking the whole .cc is not a clean/optimal/advisable
> solution to say the least no matter the problem.

Especially unauthorized login attempts, ie. hacker activities, just one example:

Subject: [MIT-s5-BR3S083182EHL] Net Abuse: illegal ssh login attempt (hacker activity) from IP
To: abuse en gvt.com.br (Network Abuse Desk)
Date: Sat, 13 Oct 2012 11:27:37 +0200

This was the 3rd Abuse Report that IP had caused on that server of ours.
And we wait 2+ days before sending another AR if the attack/attempt repeats.
Ie. that company has not reacted to any of the 3 Abuse Reports for that IP,
and unfortunately there are way too many such cases...

> On 15/10/2012 13:42, U.Mutlu wrote:
>> Carlos Martinez wrote, On 10/14/2012 06:05 PM:
>>> I don't really understand your logic. You  blocked a CC of 170M people
>>> for a single domain.
>>> A more fine grained acl can be created I'm sure.
>> I admit it's not the best method, I too would prefer blocking
>> on a company/domain basis (or abuse-address basis), but that is
>> IMHO not possible with the standard tools we use (iptables with
>> xtools/geoip).

Más información sobre la lista de distribución Seguridad