Re: Attacks from poneytelecom.eu

2018-01-14 Thread Tom Beecher
Most VPS / hosting abuse departments are understaffed (if they exist at all), and even when they do dig in, the last thing most of them want to do with razor thin margins is to shut off a paying customer unless they REALLY REALLY have to. None of this should be a surprise. On Sat, Jan 13, 2018 at

Re: Attacks from poneytelecom.eu

2018-01-13 Thread Rich Kulawiec
On Thu, Jan 04, 2018 at 09:15:19AM +0100, Fredrik Korsbäck wrote: > For me Poney/Illiad/Online.net/Scaleway has always been a bulletproof hoster > (or bulletproof transit even), the response to abuse has always been NIL. They're still a bulletproof hoster, and they fully support, endorse, and

Re: Attacks from poneytelecom.eu

2018-01-06 Thread Radu-Adrian Feurdean
On Fri, Jan 5, 2018, at 00:34, Stephen Satchell wrote: > On 01/04/2018 01:02 PM, Dan Hollis wrote: > > when the first tier incompetence stops, the direct contacts will stop too. > > But, but, but...when the first tier support person gets the training to > not be incompetent, he is promoted to

Re: Attacks from poneytelecom.eu

2018-01-06 Thread Radu-Adrian Feurdean
On Thu, Jan 4, 2018, at 06:46, Tim Burke wrote: > AS12876 is online.net... home of the €2.99 physical server, perfect for > all of your favorite illegitimate activity. I’m curious how much traffic > originates from that ASN that is actually legitimate... probably close > to none. For you, in

Re: Attacks from poneytelecom.eu

2018-01-05 Thread Stephen Satchell
On 01/05/2018 11:38 AM, Dovid Bender wrote: I may have to take back what I said. Yes the attacks stopped from that IP but they magically started again from another IP of theirs in a different range. Seems like the attacker picked up where they left off just from a new IP. Almost as if they told

Re: Attacks from poneytelecom.eu

2018-01-05 Thread Dovid Bender
I may have to take back what I said. Yes the attacks stopped from that IP but they magically started again from another IP of theirs in a different range. Seems like the attacker picked up where they left off just from a new IP. Almost as if they told the attacker they got complaints and they

Re: Attacks from poneytelecom.eu

2018-01-05 Thread bzs
It's classic Max Weber's formal description of bureaucracy, in the good sense, ca 1900-1920 as an administrative/management structure. You try to set up the local office (call it first-tier) so they can answer about 90% of all questions. The other 10% are kicked up to the regional (call it 2nd

Re: Attacks from poneytelecom.eu

2018-01-04 Thread valdis . kletnieks
On Thu, 04 Jan 2018 12:58:48 -0800, Dan Hollis said: > On Thu, 4 Jan 2018, valdis.kletni...@vt.edu wrote: > > Been there, done that. Been out of the country and offline for 36 hours, > > reconnect and there's a user with a problem that would have been dealt > > with 36 hours earlier if they had

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Stephen Satchell
On 01/04/2018 01:02 PM, Dan Hollis wrote: when the first tier incompetence stops, the direct contacts will stop too. But, but, but...when the first tier support person gets the training to not be incompetent, he is promoted to the second tier and the vacuum is filled with another incompetent

Re: Attacks from poneytelecom.eu

2018-01-04 Thread William Herrin
On Thu, Jan 4, 2018 at 4:02 PM, Dan Hollis wrote: > On Thu, 4 Jan 2018, William Herrin wrote: > >> On Thu, Jan 4, 2018 at 11:48 AM, Michael Crapse >> wrote: >> >>> I've never dealt with a support queue that resolved the issue faster than >>> a

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Dan Hollis
On Thu, 4 Jan 2018, William Herrin wrote: On Thu, Jan 4, 2018 at 11:48 AM, Michael Crapse wrote: I've never dealt with a support queue that resolved the issue faster than a direct contact. I've never dealt with a support queue that's more competent than the last direct

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Dan Hollis
On Thu, 4 Jan 2018, valdis.kletni...@vt.edu wrote: On Thu, 04 Jan 2018 09:33:51 -0500, William Herrin said: Why anyone thinks it's acceptable for the form submission to vanish in to the faceless support queue is more of a quandary. The form submission should provide a case number, the

Re: Attacks from poneytelecom.eu

2018-01-04 Thread William Herrin
On Thu, Jan 4, 2018 at 11:48 AM, Michael Crapse wrote: > I've never dealt with a support queue that resolved the issue faster than > a direct contact. > I've never dealt with a support queue that's more competent than the last direct contact I talked with. Navigating the

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Rob McEwen
On 1/4/2018 12:36 PM, valdis.kletni...@vt.edu wrote: On Thu, 04 Jan 2018 09:48:24 -0700, Michael Crapse said: I've never dealt with a support queue that resolved the issue faster than a direct contact. Which would the user prefer - a guaranteed 15 minute response time from the queue, or 10

Re: Attacks from poneytelecom.eu

2018-01-04 Thread valdis . kletnieks
On Thu, 04 Jan 2018 09:48:24 -0700, Michael Crapse said: > I've never dealt with a support queue that resolved the issue faster than a > direct contact. Which would the user prefer - a guaranteed 15 minute response time from the queue, or 10 minute from a direct contact, unless it's an hour

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Michael Crapse
I've never dealt with a support queue that resolved the issue faster than a direct contact. On 4 January 2018 at 09:12, wrote: > On Thu, 04 Jan 2018 09:33:51 -0500, William Herrin said: > > > Why anyone thinks it's acceptable for the form submission to vanish in to > >

Re: Attacks from poneytelecom.eu

2018-01-04 Thread valdis . kletnieks
On Thu, 04 Jan 2018 09:33:51 -0500, William Herrin said: > Why anyone thinks it's acceptable for the form submission to vanish in to > the faceless support queue is more of a quandary. The form submission > should provide a case number, the individual to whom it is assigned, direct > contact

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Rich Kulawiec
On Thu, Jan 04, 2018 at 09:33:51AM -0500, William Herrin wrote: > Because the number of people who successfully provide actionable > information without being prompted is vanishingly small and the number of > people who fire off automated complaints to the best guess abuse address > (also without

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Dovid Bender
In their defense I was pleasantly surprised that I got a response back from them telling me the account was banned. Though it makes me wonder if this is just them trying to save face. I have spoken with the guys that run DO's network and they have an extensive amount of automation to weed out

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Stephen Satchell
On 01/03/2018 09:46 PM, Tim Burke wrote: AS12876 is online.net... home of the €2.99 physical server, perfect for all of your favorite illegitimate activity. I’m curious how much traffic originates from that ASN that is actually legitimate... probably close to none. SETI at home? Bitcoin

Re: Attacks from poneytelecom.eu

2018-01-04 Thread William Herrin
On Wed, Jan 3, 2018 at 10:57 PM, Dan Hollis wrote: > On Wed, 3 Jan 2018, Dovid Bender wrote: > >> On Wed, Jan 3, 2018 at 2:47 AM, Mickael Marchand >> wrote: >> >>> Hi Dovid, >>> >>> Just fill in our abuse form at https://abuse.

Re: Attacks from poneytelecom.eu

2018-01-04 Thread Fredrik Korsbäck
Depends on what "legitimate" means. We have a decent amount of traffic to the network (like 2Gbps sustained in any afternoon). It's typically a mix of bittorrent, tor-relay traffic, ftp-transfers and of course the expected scanners, malware-hosts, ddos-bots and such. For me

Re: Re: Attacks from poneytelecom.eu

2018-01-03 Thread Filip Hruska
Quite a lot actually. Those servers are fine seedboxes. People also use them for media storage, i.e. online galleries and smaller video streaming sites. Filip > > On 4 Jan 2018 at 6:46 am, wrote: > > > AS12876 is online.net... home of the €2.99

Re: Attacks from poneytelecom.eu

2018-01-03 Thread Tim Burke
AS12876 is online.net... home of the €2.99 physical server, perfect for all of your favorite illegitimate activity. I’m curious how much traffic originates from that ASN that is actually legitimate... probably close to none. Sent from my iPhone > On Jan 3, 2018, at 1:35 AM, Troy Mursch

Re: Attacks from poneytelecom.eu

2018-01-03 Thread Dan Hollis
On Wed, 3 Jan 2018, Dovid Bender wrote: On Wed, Jan 3, 2018 at 2:47 AM, Mickael Marchand wrote: Hi Dovid, Just fill in our abuse form at https://abuse.online.net I have no idea why anyone thinks it is acceptable to require victims to fill

Re: Attacks from poneytelecom.eu

2018-01-03 Thread Rich Kulawiec
On Tue, Jan 02, 2018 at 11:35:14PM -0800, Troy Mursch wrote: > Back in September, I documented my poor experience with AS12876 here: [snip] That AS has been originating brute-force attacks against ssh, pop, imap, etc. for at least four years (and likely longer, but I didn't have older logs

Re: Attacks from poneytelecom.eu

2018-01-03 Thread Dovid Bender
Mickael, 1) As others have mentioned your AS seemingly has a history of tolerating abuse. I know some of the other VPS players such as DO have automated scripts that look for attacks and lock them out. I see you peer with them perhaps they can share some scripts ;) 2) I went to the abuse URL you

Re: Attacks from poneytelecom.eu

2018-01-02 Thread Troy Mursch
Dovid, Back in September, I documented my poor experience with AS12876 here: https://badpackets.net/ongoing-large-scale-sip-attack-campaign-coming-from-online-sas-as12876/ Since then, their handling of abuse notifications (or lack thereof) has largely remained the same. The volume of malicious

Re: Attacks from poneytelecom.eu

2018-01-02 Thread Ahad Aboss
Have you emailed their abuse or NOC teams with the attack logs from their IPs? Sometimes ISP servers or their customer CPEs are compromised without their knowledge. On Wed, 3 Jan 2018 at 1:56 pm, Dovid Bender wrote: > Hi All, > > Lately we have seen a lot of attacks from

Attacks from poneytelecom.eu

2018-01-02 Thread Dovid Bender
Hi All, Lately we have seen a lot of attacks from IPs where the PTR record ends in poneytelecom.eu to PBX systems. A quick search on twitter (https://twitter.com/hashtag/poneytelecom) shows multiple people complaining that they reported the IPs yet nothing happens. Has anyone had the pleasure