Problems with .de abuse

over the past couple of days, at least two of our servers have been
inundated with rather amateurish attempts to login as various priviledged
users. We're talking at least hundreds of attempts, mostly from 62.104.92
and 62.104.82. I whois shows the /16 (which I finally null routed the
whole thing) belongs to:

role: Network Management
address: freenet Cityline GmbH
address: Network Managment Center
address: Juri Gagarin Ring 88
address: 99084 Erfurt
address: Germany
phone: +49 361 594 2961
remarks: ****************************************************
remarks: * please report spam/abuse mailto:abuse@pppool.de *
remarks: * reports to other addresses will not be processed *
remarks: ****************************************************

I sent the abuse email 2 days ago and got no response. After 2 more days
of this, I finally just tried to call that number, and it's bogus (or at
least not working). Does anyone have a clue who this is and/or how to
actually get ahold of someone there (preferably one who speaks or
reads/writes English)?

TIA,

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am

I would check out the other roles referenced in the AS5430 object and
failing that perhaps someone at Telia or Level3 can help.

Regards,
J.

I sent the abuse email 2 days ago and got no response. After 2 more days
of this, I finally just tried to call that number, and it's bogus (or at
least not working). Does anyone have a clue who this is and/or how to
actually get ahold of someone there (preferably one who speaks or
reads/writes English)?

Try and reach them at peering@mcbone.net or try and contact their admin
Jens Rosenboom at jens.rosenboom@freenet-ag.de
I know it's not the regular channel, but and we peer with them at
DE-CIX and had similar problems a while back with IP's from their range
scanning and trying out SNMP communities on our boxes. They responded on
an e-mail sent to their peering address and we haven't had any further
scans since, although your complaint seems to disrepute them further.

Cheers,

> I sent the abuse email 2 days ago and got no response. After 2 more

days

> of this, I finally just tried to call that number, and it's bogus (or at
> least not working). Does anyone have a clue who this is and/or how to
> actually get ahold of someone there (preferably one who speaks or
> reads/writes English)?

Try and reach them at peering@mcbone.net or try and contact their admin
Jens Rosenboom at jens.rosenboom@freenet-ag.de
I know it's not the regular channel, but and we peer with them at
DE-CIX and had similar problems a while back with IP's from their range
scanning and trying out SNMP communities on our boxes. They responded on
an e-mail sent to their peering address and we haven't had any further
scans since, although your complaint seems to disrepute them further.

slightly OT, but it is a sad day when operators stop being responsible
neighbours and start responding to abuse reports only when their
{willy,peering} is on the line.

paul

It is...and persistently trying a host of SNMP communitie strings on a
neighbour's router interfaces doesn't make it any better

Trying once is one thing. Being persistent about it when it didn't work the
first time deserves a smack with a clue-by-four.

"If at first you don't succeed, give up. There's no sense in making a fool of yourself"

sometimes this is OVW going on a discovery rampage, quite a few folks
forget to set the scope before telling it to discover

Seems that most OV installations would have on SNMP string.

Alternatively, if you logs all these strings, look up the source IP, you now have a really good view into the routers for that AS.

I did mention the clue-by-four, right?