Hello Keith,
Well done for being persistent. However, nobody has the right to scan in
this fashion without letting at least the owner of the address-space
know what is about to take place. It is trivial to find out who is
responsible for a particular address range (whois), and then to find out
whom is the abuse contact there. An intrusive scan like this, whilst
maybe not quite a full-blown DoS, comes quite close being debilitating.
Let's face it, it doesn't take much to make a VPS use up all it's
allocated RAM to try and cope with a large incoming load.
If I were in your shoes I would continue giving them all heck for doing
this, and get a full explanation what they were about. They should not
get away with this without at least a few token bruises. Heavy-handed
"white hat" activity does not mean it's good, in my opinion they acted
no better than script-kiddies.
On 15/04/2019 09:10, Keith Williams wrote:
SUCCESS
I have just received an email from research-abuse mailbox at Stanford
University to say they have removed my IP from their database. At
last! Shame they didn't think to add a little sorry for inconvenience.
But victory!
On Sun, 14 Apr 2019 at 07:09, Keith Williams
<keithwilliamsnp(a)gmail.com <mailto:keithwilliamsnp@gmail.com>> wrote:
Sorry for delay in replying, I have been away in the big city for
a couple of days, now back to face the world once more
On Wed, 10 Apr 2019 at 17:13, admins
<admins(a)sheffieldhackspace.org.uk
<mailto:admins@sheffieldhackspace.org.uk>> wrote:
A lawsuit is a blunt and very expensive tool.
Use something pointy and sharp that can slip between the ribs.
Like
social media.
Large institutions are sensitive about their image, many
monitor social
media and their social media accounts. tweet about the irony
you have
observed together with a precise statement of the facts, their
lack of
response to the correct official channel for complaints, the
ongoing
nature of this and reference their social media account (so their
followers all of them get the message too) and link their
security course.
This should get you a response.
Kirbs
On 10/04/2019 08:38, Max B via users wrote:
Now what would it take to get them to notice you
and fix the
problem and compensate you?
A lawsuit.
How does this differ from a robber who is trespassing on
your property and
looking to see whether any of your doors is
ajar?
If one of your machines is located in the US, you have locus
standi in
that jurisdiction to pursue the trustees of Stanford.
Is that jurisdiction California?
Can bitfolk map the address range to which your machines
respond to a US
server farm located in Palo Alto or Menlo Park?
It need only be for a month or a week, although damages
would follow
length of exposure to the hazard.
--------------------------------------------
En date de : Mer 10.4.19, Keith Williams
<keithwilliamsnp(a)gmail.com
<mailto:keithwilliamsnp@gmail.com>>
a écrit :
Objet: Re: [bitfolk] I know I should not take it personally
but ...
À: "BitFolk Users"
<users(a)lists.bitfolk.com
<mailto:users@lists.bitfolk.com>>
Date: Mercredi 10 avril 2019, 1h50
It still
continues, but at a reduced rate. Still no response to my
email to the abuse mailbox. They have advertised a seminar
on cybersecurity which is going on round about now. That is
ironic.
On Wed, 10 Apr
2019 at 00:44, Keith Williams <keithwilliamsnp(a)gmail.com
<mailto:keithwilliamsnp@gmail.com>>
wrote:
I was
just going to say it had stopped, LOL, a 15 minute break,
then a burst, then a few minutes break. Seems to be slowing
down but another is giving port 80 a hammering. Because I
give these blackholes different names I can see the new
contender is one of the content spammers. Oh well it's
past midnight here so I will let them get on with their
games
On Tue, 9 Apr 2019
at 23:03, admins <admins(a)sheffieldhackspace.org.uk
<mailto:admins@sheffieldhackspace.org.uk>>
wrote:
Sounds sensible to me.
I also blanket ban anyone having a go at SSH simply
as whilst it
may start there, it never ends there.
Sounds like a retarded infestation to me. Most bots
are not that
clever in and of themselves, once you have had a
rummage through
their code. There have been some clever tricks put
into coding
them though.
kirbs
On
09/04/2019 15:50, Keith Williams
wrote:
Every packet that arrives from them is
sent to a
chain by the firewall which logs them and then drops
them. The
log records the port they were blocked on.
That's how I found
the 7777. I had no idea what it was. I picked them
up first
because they hit on 22. that got them put in the
set. Others in
the set made a couple of attempts then disappeared.
There is one
oyher persistent pest, a well known comment spammer
that keeps
coming back and having a go for a while then
disappearing, then
just the usual rubbish
On
Tue, 9 Apr 2019 at 22:27,
Dom Latter <bitfolk-users(a)latter.org
<mailto:bitfolk-users@latter.org>>
wrote:
On 09/04/2019 10:59, Keith Williams wrote:
On Tue, 9 Apr 2019 at 17:38, Dom Latter
<bitfolk-users(a)latter.org <mailto:bitfolk-users@latter.org>
> <mailto:bitfolk-users@latter.org
<mailto:bitfolk-users@latter.org>>>
wrote:
On 09/04/2019 04:44, Keith Williams
wrote:
> for at least 24 hours now. They
go for ports
22.23.53, 80, 443
and 7777.
> That last one is particularly
nasty.
They're (probably) looking for a
backdoor opened up
by Windows malware.
Why would that concern you?
It does concern me for a number of
reasons.
I was particularly referencing 7777 (hence the
quoted
context). You've
not got anything on that port, and even if you
did, it
wouldn't be
compatible.
I don't think I'd even notice an attempt
to connect to 7777.
Because a connection is not made...
_______________________________________________
users mailing list
users(a)lists.bitfolk.com <mailto:users@lists.bitfolk.com>
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)lists.bitfolk.com <mailto:users@lists.bitfolk.com>
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list85.119.82.114
users(a)lists.bitfolk.com <mailto:users@lists.bitfolk.com>
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)lists.bitfolk.com <mailto:users@lists.bitfolk.com>
https://lists.bitfolk.com/mailman/listinfo/users
-----La pièce jointe associée suit-----
_______________________________________________
users mailing list
users(a)lists.bitfolk.com <mailto:users@lists.bitfolk.com>
https://lists.bitfolk.com/mailman/listinfo/users
--
admins(a)sheffieldhackspace.org.uk
<mailto:admins@sheffieldhackspace.org.uk>
www.sheffieldhackspace.org.uk
<http://www.sheffieldhackspace.org.uk>
_______________________________________________
users mailing list
users(a)lists.bitfolk.com <mailto:users@lists.bitfolk.com>
https://lists.bitfolk.com/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
--
Regards,
Jan Henkins
_______________________________________________
users mailing list
users(a)lists.bitfolk.com