[olug] Attacked by Romanian Script Kiddies

Kelly Williams kwilliams at nethtc.net
Tue Oct 24 20:41:12 UTC 2006


How long has this been happening because grandfathers computer just got hit
by something and I was wondering if that had to any thing to with the
Romanian Script Kiddies.

Kbw 

-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Rob
Townley
Sent: Tuesday, October 24, 2006 2:38 PM
To: Omaha Linux User Group
Subject: Re: [olug] Attacked by Romanian Script Kiddies

Ripe.net is the equivalent of Arin.net, but for Europe, the middle
east and central asia.
The American Registry for Internet Numbers covers Africa as well.
Since we already know this is a European IP,  a query at ripe.net with
the the 2nd IP returned plenty of direct contact info including email
addresses and phone numbers.  abuse at rdsnet.ro is probably what you are
looking for.  If this does not work, i know one or two ISPs in Romania
that we could contact.

http://ripe.net/fcgi-bin/whois?form_type=simple&full_query_string=&searchtex
t=86.125.202.56&submit.x=6&submit.y=2&submit=Search

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag

% Information related to '86.125.192.0 - 86.125.255.255'

inetnum:         86.125.192.0 - 86.125.255.255
netname:         RO-RDSNET-AR-ARAD-CABLELINK
descr:           Cablelink access in Arad
country:         RO
admin-c:         RDS-RIPE
tech-c:          RDS-RIPE
status:          ASSIGNED PA "status:" definitions
mnt-by:          AS8708-MNT
mnt-lower:       AS8708-MNT
mnt-routes:      AS8708-MNT
source:          RIPE # Filtered

role:            Romania Data Systems NOC
address:         71-75 Dr. Staicovici
address:         Bucharest / ROMANIA
phone:           +40 21 30 10 888
fax-no:          +40 21 30 10 892
e-mail:          contact-tech at rdsnet.ro
admin-c:         CN19-RIPE
tech-c:          CN19-RIPE
tech-c:          GEPU1-RIPE
nic-hdl:         RDS-RIPE
mnt-by:          AS8708-MNT
remarks:
+-----------------------------------------------------------+
remarks:         | ABUSE CONTACT: abuse at rdsnet.ro IN CASE OF HACK ATTACKS,
|
remarks:         | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.
|
remarks:
+-----------------------------------------------------------+
source:          RIPE # Filtered

% Information related to '86.120.0.0/13AS8708'

route:           86.120.0.0/13
descr:           RDSNET
origin:          AS8708
mnt-by:          AS8708-MNT
source:          RIPE # Filtered


On 10/24/06, Charles Bird <cbird at mail.datar8.com> wrote:
> I have alot of packets coming thru going to a particular host. From
Romania.
> 86.123.164.172
> 86.125.202.56
> are the main ones, sending garbage and syn.
> This happened yesterday from Romanian IPs as well, the IPs were added to
> iptables i just drop em.
> I am assuming these are dynamic IPs and the lease expired and the attack
> carried on.
> What can I do to turn in these a**h*les?
> What should i provide to abuse at whatever their ISP is?
> No one is gonna comprimise my uptime. arg
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug




More information about the OLUG mailing list