DoS attack in progress, any upstream info for these guys? their
phone number doesn't respond.
This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '88.247.0.0 - 88.247.79.255'
Not surprising -- TurkTelekom has long been known to be a hotbed of
malicious activity, a known hoster for Russian/Ukrainian cyber criminals,
and perhaps one of the most botnetted ISPs on the planet:
The Spamhaus folk on this list have the address of TurkTelekom's chief security/abuse guy who would take take of this, but we would not be inclined to give his address to someone identifying themselves as "Beavis" with a gmail address. Can you elaborate on who you are, what's being DoSsed (a router, an http server, a mail server?), and whether you can ACL the source (since you know the source is in 88.247.0.0/17, why not ACL the source at your router or at whatever device is being DoSsed).
Beavis aka John Lopez:
I, for one, am glad you're interested in stopping the abuse at its source.
Thank you.
Steve Linford:
why not ACL the source at your router or at whatever device is being
(packeted).
Mr. Lopez is contributing to the welfare of the net as a whole by addressing
the cause, rather than applying a bandage locally to lessen the symptom. I
sincerely hope your dismissive advice is not characteristic of Spamhaus
policy regarding abused hosts, considering the mission statement at the top
of your homepage.
OK, you don't know much about Spamhaus. Dealing with network abuse issues is what we do 24/7. John Lopez contacted my privately and I've given him the address of TurkTelekom's security guy, but the reality of things is that today is a Saturday and tomorrow is a Sunday, unless TurkTelekom's guy is working weekends (unlikely) ACL'ing the source is not just an advisable option but is probably until Monday the only option.
Beavis aka John Lopez:
I, for one, am glad you're interested in stopping the abuse at its source.
Thank you.
Steve Linford:
why not ACL the source at your router or at whatever device is being
(packeted).
Mr. Lopez is contributing to the welfare of the net as a whole by addressing
the cause, rather than applying a bandage locally to lessen the symptom. I
sincerely hope your dismissive advice is not characteristic of Spamhaus
policy regarding abused hosts, considering the mission statement at the top
of your homepage.
Steve Church
Come on, even I think Steve Linford's bonafides are strong enough that
this was uncalled for.
Let's put it this way. Contacts given in confidence arent meant to be
shared randomly. Or to people who dont identify themselves and post
using freemail addresses. Linford seems to have shared this contact
offlist with the guy, after he identified himelf, so case closed.