[131493] in North American Network Operators' Group
RE: DDOS attack via as702 87.118.210.122
daemon@ATHENA.MIT.EDU (Steve Adcock)
Tue Oct 26 10:25:21 2010
From: Steve Adcock <Steve.Adcock@ioko.com>
To: Cutler James R <james.cutler@consultant.com>, "nanog@merit.edu"
<nanog@merit.edu>
Date: Tue, 26 Oct 2010 15:18:29 +0100
In-Reply-To: <BB06619F-281F-4F8D-8A69-F8590366125F@consultant.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--_002_E3CA7CD19CB1E847A999B2ECFB25D9A13E73B4E9BFINTCL1EX01uki_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Must admit I thought what Jack supplied said between AS 701 - 705 which is =
MCI/Verizon and correct?
ASNumber: 701 - 705
ASName: UUNET
ASHandle: AS701
RegDate: 1990-08-03
Updated: 2008-07-24
Ref: http://whois.arin.net/rest/asn/AS701
If you done some manual work like a bit of ripe/cidr-report and used networ=
k tools for a whois you would get the answer.
Cheers
Steven
-----Original Message-----
From: Cutler James R [mailto:james.cutler@consultant.com]=20
Sent: 26 October 2010 14:54
To: nanog@merit.edu
Subject: Re: DDOS attack via as702 87.118.210.122
Jack,
I agree that whois is hard. Please explain how you knew to query AS701 when=
Serg asked about AS702. =20
computer:~ me$ whois as702
<SNIP>
No match for "AS702".
>>> Last update of whois database: Tue, 26 Oct 2010 13:47:47 UTC <<<
Regards.
Cutler
On Oct 26, 2010, at 9:22 AM, Jack Carrozzo wrote:
> Whois is hard, let's go shopping:
>=20
> jackc@anna ~ $ whois as701
>=20
> <SNIP/>
> -Jack Carrozzo
>=20
> On Tue, Oct 26, 2010 at 7:51 AM, Serg Shubenkov <Serg@macomnet.net> wrote=
:
>=20
>>=20
>> Hello, list.
>>=20
>> Please send me off-list abuse contact for as702.
>>=20
>> --
>> Serg Shubenkov, MAcomnet, Internet Dept., Head of Inet Department
>> phone: +7 495 7969392/9079, +7 916 5316625, mailto:serg@macomnet.net
>> icq uin: 101964103, Skype: serg.v.shubenkov
>>=20
>>=20
>>=20
>>=20
James R. Cutler
james.cutler@consultant.com
--_002_E3CA7CD19CB1E847A999B2ECFB25D9A13E73B4E9BFINTCL1EX01uki_
Content-Type: message/rfc822
Received: from intixsv01.ix.ioko365.com (83.98.65.20) by
INTVMEX03.UK.IOKO365.COM (172.18.10.21) with Microsoft SMTP Server id
8.2.176.0; Tue, 26 Oct 2010 14:24:09 +0100
Received: from mail189.messagelabs.com ([85.158.139.179]) by
intixsv01.ix.ioko365.com with esmtp (Exim 4.51) id 1PAjVX-0003wL-8w for
steve.adcock@ioko.com; Tue, 26 Oct 2010 14:24:07 +0100
Received: (qmail 31630 invoked from network); 26 Oct 2010 13:24:06 -0000
Received: from s0.nanog.org (HELO s0.nanog.org) (198.108.95.20) by
server-6.tower-189.messagelabs.com with DHE-RSA-AES256-SHA encrypted
SMTP; 26 Oct 2010 13:24:06 -0000
Received: from localhost ([::1] helo=s0.nanog.org) by s0.nanog.org with esmtp
(Exim 4.68 (FreeBSD)) (envelope-from <nanog-bounces@nanog.org>) id
1PAjVR-000CCy-1e; Tue, 26 Oct 2010 13:24:01 +0000
Received: from thor.merit.edu ([198.108.1.14]) by s0.nanog.org with esmtp
(Exim 4.68 (FreeBSD)) (envelope-from <jack@crepinc.com>) id
1PAjUR-000Ai7-3N
for nanog@s0.nanog.org; Tue, 26 Oct 2010 13:22:59 +0000
Received: from mail-qy0-f180.google.com ([209.85.216.180]) by thor.merit.edu
with ESMTP; 26 Oct 2010 09:22:58 -0400
Received: by qyk8 with SMTP id 8so2996923qyk.4 for <nanog@merit.edu>; Tue, 26
Oct 2010 06:22:58 -0700 (PDT)
Received: by 10.229.94.137 with SMTP id z9mr7649725qcm.271.1288099377894; Tue,
26 Oct 2010 06:22:57 -0700 (PDT)
Received: by 10.229.98.78 with HTTP; Tue, 26 Oct 2010 06:22:57 -0700 (PDT)
From: Jack Carrozzo <jack@crepinc.com>
To: Serg Shubenkov <Serg@macomnet.net>
CC: "nanog@merit.edu" <nanog@merit.edu>
Date: Tue, 26 Oct 2010 14:22:57 +0100
Subject: Re: DDOS attack via as702 87.118.210.122
Thread-Topic: DDOS attack via as702 87.118.210.122
Thread-Index: Act1ERK61jLr6cBRQlKDi4aKi3mOuQ==
Message-ID: <AANLkTimTC2xF38_qAanoFP+V2=Ugr+3J2Sep2B1Rht14@mail.gmail.com>
References: <20101026154527.G38880@dry.macomnet.ru>
List-Help: <mailto:nanog-request@nanog.org?subject=help>
List-Subscribe: <https://mailman.nanog.org/mailman/listinfo/nanog>,
<mailto:nanog-request@nanog.org?subject=subscribe>
List-Unsubscribe: <https://mailman.nanog.org/mailman/listinfo/nanog>,
<mailto:nanog-request@nanog.org?subject=unsubscribe>
In-Reply-To: <20101026154527.G38880@dry.macomnet.ru>
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: INTVMEX03.uk.ioko365.com
X-MS-Has-Attach:
X-Auto-Response-Suppress: All
X-MS-TNEF-Correlator:
x-ioko-mailscanner: Found to be clean
x-spamreason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
VHJ1c3RlZCBJUDogMTk4LjEwOC45NS4yMCA9PiA1NTk4ODQ=\n
x-msg-ref: server-6.tower-189.messagelabs.com!1288099445!89437262!1
x-env-sender: nanog-bounces+steve.adcock=ioko.com@nanog.org
x-starscan-version: 6.2.4; banners=-,-,-
x-ioko-mailscanner-from: nanog-bounces+steve.adcock=ioko.com@nanog.org
x-ioko-mailscanner-information: Please contact the ISP for more information
x-ioko-mailscanner-spamcheck: not spam, SpamAssassin (cached, score=-0.233,
required 6, BAYES_00 -0.30, RCVD_BY_IP 0.07)
x-viruschecked: Checked
x-originating-ip: [198.108.95.20]
x-ironport-av: E=Sophos;i="4.58,241,1286164800"; d="scan'208";a="43303709"
x-ironport-anti-spam-result: AvUAAE5zxkzRVdi0kGdsb2JhbACZRAGIAQgVAQEBAQkJDAcRAx+kcJsvAoMLgjsEilM
x-ironport-anti-spam-filtered: true
errors-to: nanog-bounces+steve.adcock=ioko.com@nanog.org
list-id: North American Network Operators Group <nanog.nanog.org>
list-post: <mailto:nanog@nanog.org>
list-archive: <http://mailman.nanog.org/pipermail/nanog>
x-mailman-version: 2.1.9
x-beenthere: nanog@nanog.org
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Whois is hard, let's go shopping:
jackc@anna ~ $ whois as701
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/asns;q=3Das701?showDetails=3Dtrue
#
ASNumber: 701 - 705
ASName: UUNET
ASHandle: AS701
RegDate: 1990-08-03
Updated: 2008-07-24
Ref: http://whois.arin.net/rest/asn/AS701
OrgName: MCI Communications Services, Inc. d/b/a Verizon Business
OrgId: MCICS
Address: 22001 Loudoun County Pkwy
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
RegDate: 2006-05-30
Updated: 2009-12-07
Ref: http://whois.arin.net/rest/org/MCICS
OrgTechHandle: JHU140-ARIN
OrgTechName: Huffines, Jody
OrgTechPhone: +1-703-886-6093
OrgTechEmail: Jody.Huffines@verizonbusiness.com
OrgTechRef: http://whois.arin.net/rest/poc/JHU140-ARIN
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: abuse-mail@verizonbusiness.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3-ARIN
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: help4u@verizonbusiness.com
OrgNOCRef: http://whois.arin.net/rest/poc/OA12-ARIN
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper@verizonbusiness.com
OrgTechRef: http://whois.arin.net/rest/poc/SWIPP-ARIN
-Jack Carrozzo
On Tue, Oct 26, 2010 at 7:51 AM, Serg Shubenkov <Serg@macomnet.net> wrote:
>
> Hello, list.
>
> Please send me off-list abuse contact for as702.
>
> --
> Serg Shubenkov, MAcomnet, Internet Dept., Head of Inet Department
> phone: +7 495 7969392/9079, +7 916 5316625, mailto:serg@macomnet.net
> icq uin: 101964103, Skype: serg.v.shubenkov
>
>
>
>
--_002_E3CA7CD19CB1E847A999B2ECFB25D9A13E73B4E9BFINTCL1EX01uki_--
