Re: [swinog] Belgian spammer
If you are going to complain about someone, could you at least include the headers of these spams? Also, it would be prudent to contact the ISP where the spamvertised sites are located.

I'd suggest posting your full spam message in the form on www.spamcop.net, and it will give you all the abuse contacts of the networks involved in the message (headers, body and URIs).

Regards
Jean-Pierre

-- 
HILOTEC Engineering + Consulting AG - Langnau im Emmental
Energy technology and data systems: servers, PCs, Linux, telephone systems, VoIP, hosting, databases, development, complete solutions for SMEs
Tel: +41 34 408 01 00 - http://www.hilotec.com/
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] How to automate abuse complaints for ip based violations
Hi there,

when looking through traffic analysis, I can more or less easily identify IP addresses that exhibit bad behavior (like massive port/address scanning, attempting to log into joomla/wp administration URLs, POP3/SMTP account scanning, etc) which need to be blocked. Now, since most of these IPs are not the actual culprits, but merely infected machines, it would be helpful for the internet health as a whole to report such incidents to their respective ISPs. Here's where the problem starts:)

My manual approach would be to look up whois data for the respective IP (which by itself can be a multi step process, since you first need to find the right registry), and look for an abuse-contact there. But, whois isn't exactly engineered for automated mass lookups (+), and if I did this I'm sure I'd probably be violating terms of use of at least some of the registry whois servers, and be locked out.

So, what alternatives are there? I saw that abuse.net keeps a nice DNS based lookup service for domain names, but they unfortunately don't do this for IP addresses. How are others doing this? I know I occasionally received output of fail2ban scripts when working for a larger ISP. Are these all in-house local developments?

Cheers,
Markus

(+) joomla/wp scans alone yielded 3000 IP addresses in one day for our little network...
Re: [swinog] How to automate abuse complaints for ip based violations
Hi Markus

> So, what alternatives are there?

How about using services from Dshield (http://www.dshield.org/howto.html) or Threatstop (http://www.threatstop.com/IP-Reputation-Service-Overview especially step 5).

Basically you submit your logs and they do the lookup for you, and you can benefit from getting offending IPs from other ISPs.

Regards
Jean-Pierre

-- 
HILOTEC Engineering + Consulting AG - Langnau im Emmental
Energy technology and data systems: servers, PCs, Linux, telephone systems, VoIP, hosting, databases, development, complete solutions for SMEs
Tel: +41 34 408 01 00 - http://www.hilotec.com/
Re: [swinog] How to automate abuse complaints for ip based violations
Hi Markus

There are a couple of standardized abuse report forms to report incidents or spam which can automatically be processed by abuse desks. Ask Google for ARF or X-ARF.

Then there is the problem of finding the abuse contacts. I agree, whois reply parsing is absolutely ugly, especially as you have to follow referrals in the case of ARIN and APNIC.

RIPE is easy, they have an API you can query:

https://apps.db.ripe.net/search/abuse-finder.html
https://labs.ripe.net/ripe-database/abuse-handling-in-the-ripe-database

Example API call in JSON:

https://apps.db.ripe.net/whois/use-cases/abuse-finder.json?source=ripe&primary-key=157.161.1.2

(also works without ssl)

Apparently Afrinic offers a similar API which I haven't found yet. If anyone knows of other such APIs on the other RIR, I would be delighted to know about them.

And of course there is the abusix.org contacts database via DNS:

$ host -t txt 0.0.161.157.abuse-contacts.abusix.org
0.0.161.157.abuse-contacts.abusix.org descriptive text ab...@imp.ch

Kind regards
Benoit Panizzon

-- 
I m p r o W a r e   A G
Zurlindenstrasse 29    Tel +41 61 826 93 07
CH-4133 Pratteln       Fax +41 61 826 93 02
Switzerland            Web http://www.imp.ch
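
Added example (not part of the original message or any poster's code): building the reversed-octet query name for the abusix zone quoted above, parsing `host -t txt` output, and grouping offending IPv4 addresses by abuse contact so that each contact gets one report and each distinct IP costs one DNS query. The function names, the list of skipped ranges and the sample data are assumptions made for this example; the zone name is the one given in the message, and `host_lookup` needs the `host` binary and network access.

```python
import ipaddress
import re
import subprocess
from collections import defaultdict

ZONE = "abuse-contacts.abusix.org"   # zone as quoted in the message above
SKIP = [ipaddress.ip_network(n) for n in (   # assumption: ranges with nobody to report to
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone (DNSBL-style name)."""
    addr = ipaddress.IPv4Address(ip)              # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def parse_host_txt(output):
    """Pull contacts out of `host -t txt` output: <name> descriptive text "a@b"."""
    found = re.findall(r'descriptive text "([^"]*)"', output)
    return [c.strip().lower() for c in found if "@" in c]

def host_lookup(name):
    """Run the same `host -t txt` query shown in the message."""
    res = subprocess.run(["host", "-t", "txt", name], capture_output=True, text=True, timeout=10)
    return parse_host_txt(res.stdout)

def group_by_contact(ips, lookup=host_lookup):
    """Return ({contact: [ips]}, [ips without a contact]); one query per distinct IP."""
    groups, unresolved, seen = defaultdict(set), set(), set()
    for raw in ips:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            continue                              # log noise or IPv6: not handled here
        if addr in seen or any(addr in net for net in SKIP):
            continue                              # duplicate, or a non-reportable range
        seen.add(addr)
        contacts = lookup(query_name(str(addr)))
        if not contacts:
            unresolved.add(addr)
        for contact in contacts:
            groups[contact].add(addr)
    return ({c: [str(a) for a in sorted(v)] for c, v in groups.items()},
            [str(a) for a in sorted(unresolved)])

# Constructed sample: documentation-range IPs and made-up `host` output.
SAMPLE_IPS = ["192.0.2.10", "192.0.2.10", "192.0.2.77", "198.51.100.5",
              "10.0.0.8", "203.0.113.9", "not-an-ip"]
SAMPLE_OUTPUT = {query_name(ip): '%s descriptive text "%s"' % (query_name(ip), contact)
                 for ip, contact in (("192.0.2.10", "abuse@isp-a.example"),
                                     ("192.0.2.77", "abuse@isp-a.example"),
                                     ("198.51.100.5", "Abuse@isp-b.example"))}

def sample_lookup(name):
    return parse_host_txt(SAMPLE_OUTPUT.get(name, "Host %s not found: 3(NXDOMAIN)" % name))
```

Calling `group_by_contact(SAMPLE_IPS, lookup=sample_lookup)` exercises the grouping offline; addresses that come back in the second list have no published contact and still need a manual lookup.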
Re: [swinog] How to automate abuse complaints for ip based violations
On 2013-08-23 09:43, Markus Wild wrote:
[..]
> My manual approach would be to look up whois data for the respective IP (which by itself can be a multi step process, since you first need to find the right registry), and look for an abuse-contact there. But, whois isn't exactly engineered for automated mass lookups (+), and if I did this I'm sure I'd probably be violating terms of use of at least some of the registry whois servers, and be locked out.
>
> So, what alternatives are there? I saw that abuse.net keeps a nice DNS based lookup service for domain names, but they unfortunately don't do this for IP addresses. How are others doing this? I know I occasionally received output of fail2ban scripts when working for a larger ISP. Are these all in-house local developments?

Please check for instance:

https://code.google.com/p/collective-intelligence-framework/
or
http://csirtgadgets.org/

Greets,
Jeroen
Re: [swinog] Belgian spammer
Hi,

On Thu, 22 Aug 2013 at 10:58, Jeroen Massar wrote:
> Contact Kangaroot (AS28707) who are the ISP hosting their netblock:
>
> [WHOIS info]
>
> They should be able to put a stop on this, or they will in time appear on spamhaus... Definitely forward as much information to the latter entity too..
>
> Also http://www.ecops.be/ is the place to report these kinds of issues in Belgium. That is the Belgium Federal Crime Unit. Put http://www.privacycommission.be/en/node/7465 through a translator to get more details.
>
> CC'ing ecops.be when mailing kangaroot should have the proper effect...

I have not had good experiences with spam reports to foreign companies or authorities. Usually you hear nothing and nothing happens. Even in Germany it is nearly impossible to get an address of a spammer to sue him. And in countries with languages I do not speak ...

But thanks for your help. It might be an idea to feed them to spamhaus.

Also I got a private mail from two people here who have the same problems with this guy.

Regards
Klaus

PS: No need to put my private address in Cc, as I am reading the list and would like not to have the stuff in two boxes.
-- 
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen kl...@ethgen.de
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Re: [swinog] Small VoIP PBX recommendations
If you ask here: https://plus.google.com/communities/114149566116254233716 you will most probably get a quality answer.

From: Andre Oppermann opperm...@networx.ch
To: swi...@swinog.ch
Sent: Thursday, August 22, 2013 6:56 PM
Subject: [swinog] Small VoIP PBX recommendations

I'm looking for recommendations on small VoIP PBX systems with these properties:

- works well with Snom, Aastra, and Soft-phones
- 10-15 phones
- basic admin (web gui) to configure accounts and assign numbers (DDI)
- reliable and secure operation
- support for uplink SIP trunking (no BRI ports)
- log for CDRs to see who cost how much

An open-source solution running on Linux/FreeBSD would be preferred; a small and good complete hardware solution for a couple of hundred bucks would be acceptable as well. In either case it should be relatively straightforward and low-hassle in installation and operation.

What would you recommend? Which packages would you rather avoid?