RE: China Experience ?

From: Curley Mr Eric P (CurleyEP@NOC.USMC.MIL)
Date: 07/22/02


From: Curley Mr Eric P <CurleyEP@NOC.USMC.MIL>
To: "'incidents.nospam13@web-cities.net'" <incidents.nospam13@web-cities.net>
Date: Mon, 22 Jul 2002 13:20:00 -0400

When you are referring to black hole do you mean Black Hat (bad guys) list?
CHINANET is a very big offender when it comes to incident-based activity.
Now take into account that that does not mean that is where the attack is
originating from. It also does not mean that the sysadmins are ignoring
abuse complaints; there are usually massive amounts of incidents that this
region has to attend to and there is usually a lack of personnel or
knowledge to compensate for the demand. Other subnets to look out for are
from Korea, Taiwan and Hong Kong. I have seen many incidents coming from
these netblocks as well. Performing ARIN lookups and IP index research will
give you a quantitative list of IPs to keep an eye on after incidents occur.

-----Original Message-----
From: incidents.nospam13@web-cities.net
[mailto:incidents.nospam13@web-cities.net]
Sent: Monday, July 22, 2002 12:40 PM
Cc: incidents@securityfocus.com
Subject: Re: China Experience ?

How many of you blackhole ISPs?
I blackhole generic stuff like on the secure IOS templates but never really
considered this.
Does anyone have blackhole lists that they can share?

Regards,
Dr Bado.

----- Original Message -----
From: "Curley Mr Eric P" <CurleyEP@NOC.USMC.MIL>
To: <bonk@webchat.chatsystems.com>; "Bob DeRosier"
<bob.derosier@globalenglish.net>
Cc: <incidents@securityfocus.com>
Sent: Monday, July 22, 2002 5:22 AM
Subject: RE: China Experience ?

> I'm going to have to agree with Bob on this one. I know that most of us
> like to go to the heart of the problem and contact the ISP's sysadmin in
> times of abuse and policy issues but these subnets have been well known for
> quite some time to be black hat sanctuaries. I personally block all of
> these subnets at the border. If I don't do business with them then I don't
> need to see their traffic. It has cleared up a lot of noise coming over the
> wire.
>
> Cheers,
> Eric
>
> -----Original Message-----
> From: bonk@webchat.chatsystems.com [mailto:bonk@webchat.chatsystems.com]
> Sent: Friday, July 19, 2002 9:41 PM
> To: Bob DeRosier
> Cc: incidents@securityfocus.com
> Subject: Re: China Experience ?
>
>
> On Fri, 19 Jul 2002, Bob DeRosier wrote:
>
> >
> > I am looking for information about dealing with the authorities in China
> > with regard to attack attempts. Does anyone know what the procedure is,
> > who to contact, what they do after they are contacted, any possible
> > fallout from such an action ?
>
> From a security standpoint, I've found that null routing all of their IP
> space you can find is very beneficial. In dealing with security and abuse
> related issues for quite some time, I have never had China reply or take
> any action so I've been forced to the extreme in the case with China (and
> others).
>
> > Bob
>
>
>
>
>
> =================================================
> Travis
> www.cyberabuse.org/crimewatch
> Email: Bonk@chatsystems.com | Bonk@cyberabuse.org
> =================================================
> /"\
> \ /
> X ASCII Ribbon Campaign
> / \ Against HTML Email
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
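
As an added illustration, not part of any message in this thread: one way to turn per-incident source addresses into the per-netblock watch list the top reply describes. The allocation table stands in for ARIN/APNIC WHOIS results and is constructed (RFC 5737 documentation prefixes, hypothetical organisation names), as are the incident records and the function names.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for WHOIS lookup results: RFC 5737 documentation
# prefixes with hypothetical organisation names.
ALLOCATIONS = [
    ("192.0.2.0/24", "EXAMPLE-NET-A"),
    ("198.51.100.0/25", "EXAMPLE-NET-B"),
    ("198.51.100.128/25", "EXAMPLE-NET-C"),
    ("203.0.113.0/24", "EXAMPLE-NET-D"),
]

# Constructed incident records: (source IP as logged, description).
INCIDENTS = [
    ("192.0.2.15", "ssh brute force"), ("192.0.2.15", "ssh brute force"),
    ("192.0.2.200", "port scan"), ("198.51.100.7", "web form probe"),
    ("198.51.100.130", "port scan"), ("203.0.113.9", "port scan"),
    ("10.1.2.3", "internal host"), ("not-an-ip", "malformed log field"),
]

def netblock_for(ip, allocations=ALLOCATIONS):
    """Most specific (network, org) containing ip, or None. Raises ValueError on bad input."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(c), org) for c, org in allocations
               if addr in ipaddress.ip_network(c)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def watchlist(incidents, min_incidents=2):
    """Return (rows, unattributed): rows are (netblock, org, incidents, distinct sources)."""
    counts, sources, unattributed = Counter(), {}, []
    for ip, _desc in incidents:
        try:
            hit = netblock_for(ip)
        except ValueError:
            hit = None
        if hit is None:
            unattributed.append(ip)  # keep for manual review, never silently drop
            continue
        key = (str(hit[0]), hit[1])
        counts[key] += 1
        sources.setdefault(key, set()).add(ip)
    rows = [(net, org, n, len(sources[(net, org)]))
            for (net, org), n in counts.most_common() if n >= min_incidents]
    return rows, unattributed

if __name__ == "__main__":
    for row in watchlist(INCIDENTS)[0]:
        print("%-20s %-15s incidents=%d sources=%d" % row)
```

The distinct-source column separates a netblock with many offending hosts from one with a single noisy address, which matters before any block at the border is considered.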