Hello Keith,

Well done for being persistent. However, nobody has the right to scan in
this fashion without letting at least the owner of the address-space
know what is about to take place. It is trivial to find out who is
responsible for a particular address range (whois), and then to find out
who is the abuse contact there. An intrusive scan like this, whilst
maybe not quite a full-blown DoS, comes quite close to being debilitating.
Let's face it, it doesn't take much to make a VPS use up all its
allocated RAM to try and cope with a large incoming load.

If I were in your shoes I would continue giving them all heck for doing
this, and get a full explanation of what they were about. They should not
get away with this without at least a few token bruises. Heavy-handed
"white hat" activity does not mean it's good; in my opinion they acted
no better than script-kiddies.

On 15/04/2019 09:10, Keith Williams wrote:
> SUCCESS
>
> I have just received an email from research-abuse mailbox at Stanford
> University to say they have removed my IP from their database. At
> last! Shame they didn't think to add a little sorry for inconvenience.
> But victory!
>
> On Sun, 14 Apr 2019 at 07:09, Keith Williams
> <keithwilliamsnp@gmail.com> wrote:
>
> Sorry for delay in replying, I have been away in the big city for
> a couple of days, now back to face the world once more
>
> On Wed, 10 Apr 2019 at 17:13, admins
> <admins@sheffieldhackspace.org.uk> wrote:
>
> A lawsuit is a blunt and very expensive tool.
>
> Use something pointy and sharp that can slip between the ribs. Like
> social media.
>
> Large institutions are sensitive about their image, many monitor social
> media and their social media accounts. Tweet about the irony you have
> observed together with a precise statement of the facts, their lack of
> response to the correct official channel for complaints, the ongoing
> nature of this and reference their social media account (so their
> followers all of them get the message too) and link their security course.
>
> This should get you a response.
>
>
> Kirbs
>
>
> On 10/04/2019 08:38, Max B via users wrote:
> > Now what would it take to get them to notice you and fix the problem
> > and compensate you?
> >
> > A lawsuit.
> >
> > How does this differ from a robber who is trespassing on your property
> > and looking to see whether any of your doors is ajar?
> >
> > If one of your machines is located in the US, you have locus standi
> > in that jurisdiction to pursue the trustees of Stanford.
> >
> > Is that jurisdiction California?
> >
> > Can bitfolk map the address range to which your machines respond to a
> > US server farm located in Palo Alto or Menlo Park?
> >
> > It need only be for a month or a week, although damages would follow
> > length of exposure to the hazard.
> >
> > --------------------------------------------
> > On Wed 10.4.19, Keith Williams <keithwilliamsnp@gmail.com> wrote:
> >
> > Subject: Re: [bitfolk] I know I should not take it personally but ...
> > To: "BitFolk Users" <users@lists.bitfolk.com>
> > Date: Wednesday 10 April 2019, 1:50
> >
> > It still continues, but at a reduced rate. Still no response to my
> > email to the abuse mailbox. They have advertised a seminar on
> > cybersecurity which is going on round about now. That is ironic.
> >
> > On Wed, 10 Apr 2019 at 00:44, Keith Williams <keithwilliamsnp@gmail.com> wrote:
> > I was just going to say it had stopped, LOL, a 15 minute break, then a
> > burst, then a few minutes break. Seems to be slowing down but another
> > is giving port 80 a hammering. Because I give these blackholes
> > different names I can see the new contender is one of the content
> > spammers. Oh well it's past midnight here so I will let them get on
> > with their games
> >
> > On Tue, 9 Apr 2019 at 23:03, admins <admins@sheffieldhackspace.org.uk> wrote:
> >
> > Sounds sensible to me.
> > I also blanket ban anyone having a go at SSH simply as whilst it
> > may start there, it never ends there.
> > Sounds like a retarded infestation to me. Most bots are not that
> > clever in and of themselves, once you have had a rummage through
> > their code. There have been some clever tricks put into coding
> > them though.
> >
> > kirbs
> >
> > On 09/04/2019 15:50, Keith Williams wrote:
> >
> > Every packet that arrives from them is sent to a chain by the
> > firewall which logs them and then drops them. The log records the
> > port they were blocked on. That's how I found the 7777. I had no idea
> > what it was. I picked them up first because they hit on 22. That got
> > them put in the set. Others in the set made a couple of attempts then
> > disappeared. There is one other persistent pest, a well known comment
> > spammer that keeps coming back and having a go for a while then
> > disappearing, then just the usual rubbish
> >
> >
> >
> > On Tue, 9 Apr 2019 at 22:27, Dom Latter <bitfolk-users@latter.org> wrote:
> >
> > On 09/04/2019 10:59, Keith Williams wrote:
> > >
> > > On Tue, 9 Apr 2019 at 17:38, Dom Latter <bitfolk-users@latter.org> wrote:
> > >
> > > On 09/04/2019 04:44, Keith Williams wrote:
> > > > for at least 24 hours now. They go for ports 22.23.53, 80, 443
> > > > and 7777.
> > > > That last one is particularly nasty.
> > >
> > > They're (probably) looking for a backdoor opened up by Windows malware.
> > >
> > > Why would that concern you?
> >
> > > It does concern me for a number of reasons.
> >
> > I was particularly referencing 7777 (hence the quoted context). You've
> > not got anything on that port, and even if you did, it wouldn't be
> > compatible.
> >
> > I don't think I'd even notice an attempt to connect to 7777.
> > Because a connection is not made...
> >
> > _______________________________________________
> > users mailing list
> > users@lists.bitfolk.com
> > https://lists.bitfolk.com/mailman/listinfo/users
>
> --
> admins@sheffieldhackspace.org.uk
> www.sheffieldhackspace.org.uk
--
Regards,
Jan Henkins
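
The log-and-drop chain described in the quoted thread (each blocked set has its own name, and the log records the port that was hit) lends itself to a quick per-source summary. The script below is an added example, not code from any poster on this list; the log lines are constructed and abbreviated, and the `BH-...` prefixes, host name and addresses are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed, abbreviated lines in the netfilter LOG layout. The prefixes
# stand in for the per-set names mentioned in the thread; all addresses are
# documentation ranges, not real scanners.
SAMPLE_LOG = """\
Apr  9 15:41:02 vps kernel: BH-research: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=22 SYN
Apr  9 15:41:09 vps kernel: BH-research: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40113 DPT=80 SYN
Apr  9 15:41:15 vps kernel: BH-research: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40114 DPT=443 SYN
Apr  9 15:42:30 vps kernel: BH-research: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40115 DPT=7777 SYN
Apr  9 15:58:44 vps kernel: BH-research: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40116 DPT=7777 SYN
Apr  9 16:02:10 vps kernel: BH-ssh: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 SYN
Apr  9 16:02:12 vps kernel: BH-ssh: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=22 SYN
Apr  9 16:30:00 vps kernel: BH-spammer: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.5 PROTO=TCP SPT=33000 DPT=80 SYN
Apr  9 17:30:00 vps kernel: BH-spammer: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.5 PROTO=TCP SPT=33001 DPT=80 SYN
Apr  9 18:30:00 vps kernel: BH-spammer: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.5 PROTO=TCP SPT=33002 DPT=80 SYN
"""

# Optional "[uptime]" stamp, then the log prefix (the set name), then fields.
LINE_RE = re.compile(
    r"kernel: (?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?):?\s*IN=\S* "
    r".*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)

def summarise(log_text):
    """Return {(set_name, source): Counter({dest_port: drops})}."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # lines without a destination port (e.g. ICMP) are skipped
            hits[(m["prefix"], m["src"])][int(m["dpt"])] += 1
    return hits

def persistent_sources(hits, min_hits=3):
    """Sources that keep coming back, busiest first, with the ports they tried."""
    rows = [(name, src, sum(c.values()), sorted(c))
            for (name, src), c in hits.items() if sum(c.values()) >= min_hits]
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for name, src, total, ports in persistent_sources(summarise(SAMPLE_LOG)):
        print(f"{name:12} {src:15} {total:3} drops, ports {ports}")
```

A per-source port list like this is also the evidence an abuse desk needs: source address, timestamps and the ports probed.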