Tracking a DDOS

One of our clients sustained a severe SMTP DDOS attack on New Year's
Day. The DDOS was caused by a bulk mailing which had forged their
domain name in the return address. The attack was staged over
several days from dial-up lines at (Bethlehem, PA). We
contacted shortly after the massmail began but it continued
unabated for two additional days. Some of the source IPs were
eventually listed by MAPS and Wirehub and they're still listed to
this date.

5 minutes after our call to's support desk we tracked a
portscan from one of their netblocks (,
Internet Unlimited, at nearly the same address in Bethlehem, PA).
A quick check of the reverse DNS revealed nearly exclusive use by
porn, throw-away, and otherwise spam domains.

Though we're still tabulating damages and collecting evidence it
appears the DDOS was hosted by and allowed to continue unabated by (aka after they had knowledge of the problem,
knowledge of its source, and knowledge of its effects.

Since has not replied to our email or phone calls
we're looking for anyone with information on this company, its
owners or operators, and any history of network or SMTP abuse. All
help will be appreciated and kept confidential.

Thanks in advance,

Fastnet is a publicly owned company that recently went on a buying spree and purchased (among others) Applied Theory and Earthstation NetAXS.

You should be able to find contacts from NetAXS (unless Tony has moved on...)

I'm confused. I thought AppliedTheory (was CRL) was bought by Clearblue
which later acquired part in Navisite and later had Navisite acquire
most of Clearblue (sounds weird, I know). Now goes to
navisite, so I assumed appliedtheory was acquired as part of clearblue,
(if it wasn't, why is the website going there?) So is its history:


Not sure of the full history, but

As a Clearblue customer, I can confirm that all the Applied Theory stuff seems to be gone now from the support pages. (The same functionality is there, but the URLs have all been changed to names)

Some of the stuff looks pretty cool - being able to monitor from a website your rack's temperatures, voltages, the datacenter's UPS and generator statuses, etc... Unfortunately it's all "coming soon" (unless you're in Syracuse), and has been for at least 6 months. Applied Theory was also supposed to be doing port, application and server monitoring, which seems to overlap with what Navisite offers, so that may have something to do with its departure.