previous | top | next

Atypical ISP Complaint

To Rackspace support Wed Jan 19 15:30:59 2005: 
Since mid-September, 213.93.159.14 has been sending about
25 SYN packets per second our way. They've followed our DNS name
through 5 different IP addresses.

While this traffic is iptabled away and not causing us any harm, I
believe it's in everyone's best interest to remove the compromised
computer from the net. abuse@chello.nl, abuse@chello.at, and
abuse@upc.nl have ignored us since September. Could you try?

Here's a sniff.

15:23:47.239950 213.93.159.14.4809 > 72.3.135.164.http:
 S [tcp sum ok] 1910764489:1910764489(0) win 16384
  (DF) (ttl 110, id 24070, len 48)

Response from Rackspace: 
Fri Jan 28 08:28:39 2005

Hello,

At this time we, like you, have had no response. I am attempting to
notify several black lists to try and get this machine listed. That
may help get some one's attention.
The Holocaust History Project and Rich Graves 263 minutes