[LACNIC/Seguridad] Abuse contact of gvt.com.br not functioning

U.Mutlu security at mutluit.com
Mon Oct 15 13:11:00 BRT 2012


Arturo Servin wrote, On 10/15/2012 05:48 PM:
>
> 	What do you mean it is not possible?
>
> 	What is your problem? Do you get SPAM or DDoS from gvt.com.br?
>
> 	It would be difficult to give advice without knowing the problem.
> But certainly blocking the whole .cc is not a clean/optimal/advisable
> solution to say the least no matter the problem.

Especially unauthorized login attempts, i.e. hacker activities, just one example:

"
Subject: [MIT-s5-BR3S083182EHL] Net Abuse: illegal ssh login attempt (hacker activity) from IP 187.115.202.83
To: abuse en gvt.com.br (Network Abuse Desk)
Date: Sat, 13 Oct 2012 11:27:37 +0200
"

This was the 3rd Abuse Report that IP had caused on that server of ours.
And we wait 2+ days before sending another AR if the attack/attempt repeats.
I.e. that company has not reacted to any of the 3 Abuse Reports for that IP,
and unfortunately there are way too many such cases...


> On 15/10/2012 13:42, U.Mutlu wrote:
>> Carlos Martinez wrote, On 10/14/2012 06:05 PM:
>>> I don't really understand your logic. You blocked a CC of 170M people
>>> for a single domain.
>>>
>>> A more fine grained acl can be created I'm sure.
>>
>> I admit it's not the best method, I too would prefer blocking
>> on a company/domain basis (or abuse-address basis), but that is
>> IMHO not possible with the standard tools we use (iptables with
>> xtools/geoip).
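
Added example, not part of the original message or thread: one way to build the finer-grained ACL discussed above is to load a single operator's prefixes into an ipset and match that set from iptables, instead of matching a whole country. The prefixes and log lines are constructed (documentation ranges), and the set name `abuse_nets` and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: prefixes for one operator (documentation ranges, not
# real allocations). Assumption: in practice they come from a routing registry.
OPERATOR_PREFIXES = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]

# Constructed sshd log lines.
SAMPLE_LOG = """\
Oct 13 11:27:31 host sshd[811]: Failed password for root from 198.51.100.7 port 4022 ssh2
Oct 13 11:27:33 host sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Oct 13 11:29:02 host sshd[902]: Failed password for root from 203.0.113.9 port 5111 ssh2
Oct 13 11:30:10 host sshd[950]: Failed password for root from 192.0.2.44 port 6000 ssh2
Oct 13 11:31:00 host sshd[951]: Accepted publickey for ops from 192.0.2.10 port 6001 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def failed_sources(log_text):
    """Count failed SSH logins per source address."""
    counts = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            counts[ip] = counts.get(ip, 0) + 1
    return counts

def operator_networks(prefixes):
    """Merge adjacent or overlapping prefixes into the smallest covering list."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes))

def ipset_restore(set_name, networks):
    """Render input for `ipset restore`; one set holds all operator networks."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {n}" for n in networks]
    return "\n".join(lines) + "\n"

def covered(counts, networks):
    """Split offending addresses into those the set would block and the rest."""
    hit = {ip: c for ip, c in counts.items() if any(ip in n for n in networks)}
    miss = {ip: c for ip, c in counts.items() if ip not in hit}
    return hit, miss

if __name__ == "__main__":
    nets = operator_networks(OPERATOR_PREFIXES)
    print(ipset_restore("abuse_nets", nets), end="")
    print("# iptables -I INPUT -p tcp --dport 22 -m set --match-set abuse_nets src -j DROP")
    print(covered(failed_sources(SAMPLE_LOG), nets))
```

The `covered` split shows which logged sources the set would actually stop, so sources outside the operator's prefixes are not mistaken for blocked ones.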



