On Tue, Aug 11, 2020 at 9:31 AM JORDI PALET MARTINEZ via NANOG <[email protected]> wrote: > > I don't know what you tried in APNIC, my experience is that they are usually > responding very quickly. > > Have you tried the abuse contacts of the ISP? >
For the Thai ISP space you might also get some traction just talking to the thai cert org. h ttps://www.thaicert.or.th/about-en.html perhaps even this path: https://www.thaicert.or.th/report-en.html > If they fail, have you tried to escalate to [email protected], > following our abuse-mailbox proposal > (https://www.apnic.net/wp-content/uploads/2018/08/prop-125-v001.txt), which > was adopted long time ago? > > You could also try the APNIC Talk mailing list. > > Regards, > Jordi > @jordipalet > > > > El 11/8/20 15:10, "NANOG en nombre de Alexander Maassen" > <[email protected] en nombre de > [email protected]> escribió: > > Hello folks, > > Before you shoot me with 'wrong mailing list' replies, believe me, I > tried, THNOG is dead, APNIC ain't responding either and the ISP's over > there don't seem to care much. And I've been looking at this situation for > over 2 years now since first incident. I simply hope that with the > contacts you folks have due to your professions to be able to help. > > So, I came across this botnet which decided to pick my IRC network as > control center, and I have been digging into them. It turns out that in > Thailand, people can easily get cloned modems in order to internet for > 'free', it simply boils down to mac cloning, so let me spare you the > details. The problem is that these modems also carry a digital STD in the > form of additional botnet code, allowing the controllers to do, well, > botnet stuff. > > I disabled their ability to control by glining everything on join to the > control channel, and since I am maintainer of DroneBL, add them to the > blacklist. Doing that for 2+ years now. The amount of removal requests > because people no longer are able to play on cncnet is amazing. > > My question here kinda is, how to permanently get rid of this evil in an > effective way, and who to contact? (yes, I tried to get through to NOC's > of the affected providers), or could perhaps someone be so nice to use one > of their contacts in Thailand to speed things up? > > Kind regards, > > Alexander Maassen > Maintainer DroneBL > > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or > confidential. The information is intended to be for the exclusive use of the > individual(s) named above and further non-explicilty authorized disclosure, > copying, distribution or use of the contents of this information, even if > partially, including attached files, is strictly prohibited and will be > considered a criminal offense. If you are not the intended recipient be aware > that any disclosure, copying, distribution or use of the contents of this > information, even if partially, including attached files, is strictly > prohibited, will be considered a criminal offense, so you must reply to the > original sender to inform about this communication and delete it. > > >
