[140352] in North American Network Operators' Group
Re: 23,000 IP addresses
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Tue May 10 10:22:44 2011
In-Reply-To: <BANLkTimZrOuo6xyVYa_jdNOytB-PddiMYg@mail.gmail.com>
Date: Tue, 10 May 2011 10:22:03 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Scott Brim <scott.brim@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, May 10, 2011 at 10:15 AM, Scott Brim <scott.brim@gmail.com> wrote:
> On Tue, May 10, 2011 at 09:42, Leigh Porter
> <leigh.porter@ukbroadband.com> wrote:
>> So are they basing this on you downloading it or on making it available
>> for others?
>
> Without knowing the details, I wouldn't assume any such level of
> competence or integrity. It could just be a broad witch hunt.
I know of a decent sized global ISP that ran (runs?) a large darknet
that was the equivalent of a few /16's routed to a fbsd host running
'tcpdump' (a tad more complex, but essentially this). BayTSP (one of
the 'make legal threats for the mpaa/riaa' firms) sent ~2k notes to
the ISP about downloaders on these ips.
Looking at netflow data (sample 1:1 on that interface) they had
portscanned (from ip space registered in their name) each address in
the range and sent subpoena-material to all ips that they thought they
got a response from.
At least baytsp got theirs? (money I mean)