[60255] in North American Network Operators' Group


Edge 1 Networks/Williams Communications Group

daemon@ATHENA.MIT.EDU (Jeff Kell)
Mon Aug 4 22:27:08 2003

Date: Mon, 04 Aug 2003 22:26:02 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: nanog <nanog@nanog.org>
Errors-To: owner-nanog-outgoing@merit.edu


After several run-ins with Edge 1 Networks [69.44.28.0/22] having their 
machines "hijack" victim machines on our networks infected with Jeem, 
and then making their spam runs, I've had it.  I have reported both to 
Edge 1 and their parent Williams Communications Group [AS7911] with no 
result and I will be blocking Edge 1 [in theory, AS29986, but no doubt 
private spewage from WCG.NET].

They hijacked a Jeem proxy on July 17th, it was shut down.  The help 
desk thought they had cleaned it up, but within 30 mins of placing it 
back online again, Edge 1 grabbed it again.  I brought it into the lab 
with a sniffer, rebooted (new IP), and Edge 1 picked it up within 10 
minutes and began spam/proxying.

This past Sunday, a similarly Jeem'ed machine was hijacked by the same 
Edge 1 block (numerous machines in the Edge 1 block, mind you) and due 
to me being out of the office it wasn't noticed and shut down until 
Tuesday, after a little over a half million proxied spams.

Are these people just totally off-the-wall?  Google searches seem to concur.

I am awaiting confirmation that ALL the proxies originated from Edge 1 
(takes a while to churn through those gigs of PIX logs).

Jeff Kell
University of Tennessee, Chattanooga

