Posted by Zak on October 17, 2006, 1:30 pm
Approx hourly 204.16.208.135 scans me.
Uses UDP with 20 or 30 probes on my ports 139, 1027 to 1033 with a fake
message that says System Alert, corrupt registry, use www.msreg.com,
etc. The remote port varies and it also uses many faked IP addresses.
It seems 204.16.208.135 belongs to Fast Colocation who have an automated
abuse reporting page: http://www.fastcolocation.net/abuse/index.php
Can anyone get this page to actually accept an abuse report? It won't
work for me!
Posted by Moe Trin on October 18, 2006, 3:52 pm
On Tue, 17 Oct 2006, in the Usenet newsgroup comp.security.misc, in article
>Approx hourly 204.16.208.135 scans me.
>
>Uses UDP with 20 or 30 probes on my ports 139, 1027 to 1033 with a fake
>message that says System Alert, corrupt registry, use www.msreg.com,
>etc. The remote port varies and it also uses many faked IP addresses.
UDP source addresses, especially in messenger spam, are often faked.
"www.msreg.com" is a spammer's domain - if you look up the registration,
it's obviously full of false data
Registration Service Provided By: Very Cheap Domains
Contact: info@verycheapdomains.net
Domain name: msreg.com
Registrant Contact:
MS Fix Software
John Daily (info@msreg.com)
+1.6955593487
Fax: +1.5952336955
5849 W. Warchester Dr
San Fransico, AR 98539
US
and you could complain to ICANN about the blatantly false data - neither
area code 595 nor 695 is valid, there is no San Francisco in Arkansas,
the 98539 zip code belongs to post office boxes in the city of Doty,
Washington (Nowheresville, about half way between Seattle and Portland).
The data is simply one lie after another. You could bitch at Hurricane
Electric who is hosting the domain.
>It seems 204.16.208.135 belongs to Fast Colocation who have an automated
>abuse reporting page: http://www.fastcolocation.net/abuse/index.php
While fastcolocation.net has their own problems, if this is single packet
messenger spam, you don't have any proof that they are behind the problem.
>Can anyone get this page to actually accept an abuse report? It won't
>work for me!
Most abuse functions using a web page interface are totally worthless. If
the domain doesn't accept mail to "abuse@domain_name.dom" then report the
domain to rfc-ignorant.org.
Old guy
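An added illustration of the point about faked UDP sources (not part of the original post): this Python sketch groups logged UDP datagrams by the domain advertised in the payload instead of by source address, because the source of a single unsolicited UDP packet cannot be verified. The log format, the function name `triage` and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed firewall log format:
# time proto src_ip:src_port -> dst_port "payload text"
SAMPLE_LOG = """\
13:01:02 UDP 204.16.208.135:33012 -> 1027 "System Alert: corrupt registry, use www.msreg.com"
13:01:02 UDP 204.16.208.135:33012 -> 1028 "System Alert: corrupt registry, use www.msreg.com"
13:01:03 UDP 198.51.100.7:41877 -> 1029 "System Alert: corrupt registry, use www.msreg.com"
13:01:03 UDP 203.0.113.44:52001 -> 139 "System Alert: corrupt registry, use www.msreg.com"
13:05:10 UDP 192.0.2.53:53 -> 40112 ""
13:07:45 TCP 192.0.2.99:50000 -> 22 ""
"""

LINE_RE = re.compile(r'^(\S+) (UDP|TCP) ([\d.]+):(\d+) -> (\d+) "(.*)"$')
DOMAIN_RE = re.compile(r'\bwww\.[a-z0-9-]+\.[a-z]{2,}\b', re.I)
# Destination ports named in the thread: 139 and 1027 to 1033.
MESSENGER_PORTS = {139} | set(range(1027, 1034))


def triage(log_text):
    """Group messenger-spam datagrams by advertised domain, not by source IP."""
    bursts = defaultdict(lambda: {"packets": 0, "ports": set(), "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _time, proto, src, _sport, dport, payload = m.groups()
        # Only unsolicited UDP carrying text to the messenger ports is of interest.
        if proto != "UDP" or int(dport) not in MESSENGER_PORTS or not payload:
            continue
        dom = DOMAIN_RE.search(payload)
        key = dom.group(0).lower() if dom else "(no domain)"
        bursts[key]["packets"] += 1
        bursts[key]["ports"].add(int(dport))
        bursts[key]["sources"].add(src)
    # The source list is labelled "claimed": UDP has no handshake, so any
    # address in it may be forged and is not proof of who sent the packet.
    return {
        key: {"packets": b["packets"], "ports": sorted(b["ports"]),
              "claimed_sources": sorted(b["sources"])}
        for key, b in bursts.items()
    }


if __name__ == "__main__":
    for domain, info in triage(SAMPLE_LOG).items():
        print(domain, info)
```

The advertised domain is the one field the sender needs the victim to read correctly, which makes it a steadier key for a complaint than any of the claimed source addresses.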
Posted by on October 21, 2006, 5:14 pm
This same address is scanning me every hour too. Have you managed to
contact anybody about this?
Fast CoLo looks like a fake company to me. Their phone numbers don't
work and they have a couple different websites all of which don't work.
Let me know if you find anything out.
Jason
Posted by on October 21, 2006, 8:05 pm
Zak wrote:
> Approx hourly 204.16.208.135 scans me.
>
> Uses UDP with 20 or 30 probes on my ports 139, 1027 to 1033 with a fake
> message that says System Alert, corrupt registry, use www.msreg.com,
> etc. The remote port varies and it also uses many faked IP addresses.
>
> It seems 204.16.208.135 belongs to Fast Colocation who have an automated
> abuse reporting page: http://www.fastcolocation.net/abuse/index.php
>
> Can anyone get this page to actually accept an abuse report? It won't
> work for me!
He seems to be hiding his trail real well. The abuse line is not real, so
don't try that address.
I used it but no response in over two weeks.
He has tried to hack my computer at least 20 times in two weeks.
Posted by Emproph on October 22, 2006, 2:12 am
oceanblue5@shaw.ca wrote:
> Zak wrote:
> > Approx hourly 204.16.208.135 scans me.
> >
> > Uses UDP with 20 or 30 probes on my ports 139, 1027 to 1033 with a fake
> > message that says System Alert, corrupt registry, use www.msreg.com,
> > etc. The remote port varies and it also uses many faked IP addresses.
> >
> > It seems 204.16.208.135 belongs to Fast Colocation who have an automated
> > abuse reporting page: http://www.fastcolocation.net/abuse/index.php
> >
> > Can anyone get this page to actually accept an abuse report? It won't
> > work for me!
> He seems to be hiding his trail real well. The abuse line is not real, so
> don't try that address.
> I used it but no response in over two weeks.
> He has tried to hack my computer at least 20 times in two weeks.
Same here for about a week now, this is what I've found out:
PORTSCAN
www.fastcolocation.com is the home web site. It's a web hosting
service.
Email/Contact info at verycheapdomains(dot)net Phone Number +1 703 286
2487, Fax: +1 510 279 5802 Street 3791 N. Edgewater Dr City Wasilla
State ak (Alaska) Postalcode 99654 Country United States
I called their customer service last week.
http://fastcolocation.com./support.html
-"All customers of Fast Colocation can reach the Data Center 24 hours
a day. If you require emergency assistance, you can call the data
center direct: 510-580-4100"
-I made it clear that I was not a customer and the representative was
still concerned and interested in getting the IP address that was
portscanning me.
-I asked him about the abuse notification page and he assured me that
the IP addy was all that was important on the form. It didn't work
for me either though.
-Fortunately I pressed him for an e-mail address for follow through,
and was told to contact support@he.net , this was the exchange that
took place:
____
Hello,
I have gotten several firewall alerts of Portscan intrusion from this
IP address, four times in the past two days.
204.16.208.135 (13364)
-Your customer service rep told me to email this addy to report this
abuse - after taking down the IP addy as well.
-I have googled this IP addy, your company and other details of this
and it seems to be a problem all over the globe.
Thank You,
__
(I got an auto reply for each one which I am NOT including)
Reply:
Yours is actually the second complaint we've seen regarding the IP
address 204.16.208.135. Unfortunately, the IP address does not belong
to us, as shown by ARIN WHOIS records [1]. We have no authoritative
control over the IP addresses within that block, nor the servers
operated therein. The best way to go about resolving this issue is for
you to contact Fast Colocation [2] with your complaint, as the IP
address is owned by them. Only after a reasonable amount of time has
passed and the issue remains unresolved can we, the bandwidth provider,
take action per our Acceptable Use Policy (AUP).
[1] - http://ws.arin.net/whois?queryinput=204.16.208.135 (<you can look
up IP addy's here)
[2] - http://www.fastcolocation.net/abuse/
Jeff Walter
Network Engineer
Hurricane Electric
My reply back:
Actually, it was fastcolocation customer service that told me to e-mail
you -- as opposed to giving me their e-mail.
510-580-4100
His reply back:
They do list our phone number as being for "their" data center. This is
not the same as their actual phone numbers (those shown in the ARIN
WHOIS), nor is it the same as their email addresses. Sadly, nothing but
confusion results from them listing our phone number on their site.
Jeff Walter
Hurricane Electric
____
As far as I can practically tell, these people/companies are legit so
we need to spread this info around -perhaps link to this page if
nothing else, because everyone's getting hit.
My suggestions,
--Call fastcolocation, (the web hosting service for IP 204.16.208.135)
and report it: 510-580-4100
--Email Hurricane Electric (the bandwidth provider) and report it:
support@he.net
I'm getting ready to call them again (and email H.E.) -Thank God for
free nights and weekends eh?
-Good luck
P.S. To look up other domain names try:
http://www.arin.net/whois/ (listed above)