wanadoo.fr's ip blocks
From: Aaron Wolfe (aaron@aaronwolfe.com)Date: 12/18/01
- Previous message: Montz, James C. (James Tower): "RE: SSH Attempts: Link to RedHat?"
- Next in thread: Erik Fichtner: "Re: wanadoo.fr's ip blocks"
- Reply: Erik Fichtner: "Re: wanadoo.fr's ip blocks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Aaron Wolfe" <aaron@aaronwolfe.com> To: <incidents@securityfocus.com> Date: Mon, 17 Dec 2001 20:10:20 -0500
Thanks to all who responded confirming that just about everyone in the world
is annoyed by FTP scans from wanadoo.fr.
I have received almost 100 emails already. Since many people have requested
any info I come across, I am posting this.
Playing with whois I have come up with the following list of networks that
seems to cover every host in my own logs and the logs that others have sent
me. My testing with random IPs in these nets shows reverse dns ->
*.wanadoo.fr. If anyone can improve or correct this list please let me know.
And if there is an easier way to get this info I'd sure like to know that
too.
*.wanadoo.fr:
80.8.0.0/14
80.12.0.0/15
164.138.0.0/16
193.248.0.0/14
193.252.0.0/15
194.51.238.0/24
212.234.25.128/27
217.128.0.0/16
-aaron
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Montz, James C. (James Tower): "RE: SSH Attempts: Link to RedHat?"
- Next in thread: Erik Fichtner: "Re: wanadoo.fr's ip blocks"
- Reply: Erik Fichtner: "Re: wanadoo.fr's ip blocks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
