[olug] Attacked by Romanian Script Kiddies

Rob Townley rob.townley at gmail.com
Tue Oct 24 19:38:17 UTC 2006


Ripe.net is the equivalent of Arin.net, but for Europe, the Middle
East and Central Asia.
The American Registry for Internet Numbers covers Africa as well.
Since we already know this is a European IP, a query at ripe.net with
the 2nd IP returned plenty of direct contact info including email
addresses and phone numbers.  abuse at rdsnet.ro is probably what you are
looking for.  If this does not work, I know one or two ISPs in Romania
that we could contact.

http://ripe.net/fcgi-bin/whois?form_type=simple&full_query_string=&searchtext=86.125.202.56&submit.x=6&submit.y=2&submit=Search

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag

% Information related to '86.125.192.0 - 86.125.255.255'

inetnum:         86.125.192.0 - 86.125.255.255
netname:         RO-RDSNET-AR-ARAD-CABLELINK
descr:           Cablelink access in Arad
country:         RO
admin-c:         RDS-RIPE
tech-c:          RDS-RIPE
status:          ASSIGNED PA
mnt-by:          AS8708-MNT
mnt-lower:       AS8708-MNT
mnt-routes:      AS8708-MNT
source:          RIPE # Filtered

role:            Romania Data Systems NOC
address:         71-75 Dr. Staicovici
address:         Bucharest / ROMANIA
phone:           +40 21 30 10 888
fax-no:          +40 21 30 10 892
e-mail:          contact-tech at rdsnet.ro
admin-c:         CN19-RIPE
tech-c:          CN19-RIPE
tech-c:          GEPU1-RIPE
nic-hdl:         RDS-RIPE
mnt-by:          AS8708-MNT
remarks:         +-----------------------------------------------------------+
remarks:         | ABUSE CONTACT: abuse at rdsnet.ro IN CASE OF HACK ATTACKS,   |
remarks:         | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.    |
remarks:         +-----------------------------------------------------------+
source:          RIPE # Filtered

% Information related to '86.120.0.0/13AS8708'

route:           86.120.0.0/13
descr:           RDSNET
origin:          AS8708
mnt-by:          AS8708-MNT
source:          RIPE # Filtered


On 10/24/06, Charles Bird <cbird at mail.datar8.com> wrote:
> I have a lot of packets coming thru going to a particular host. From Romania.
> 86.123.164.172
> 86.125.202.56
> are the main ones, sending garbage and syn.
> This happened yesterday from Romanian IPs as well, the IPs were added to
> iptables, I just drop em.
> I am assuming these are dynamic IPs and the lease expired and the attack
> carried on.
> What can I do to turn in these a**h*les?
> What should I provide to abuse at whatever their ISP is?
> No one is gonna compromise my uptime. arg
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
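
The lookup described in the message, as an added example that is not part of the original post: it parses an RPSL reply like the one quoted above, checks that an `inetnum` object actually covers the source IP, and pulls out the abuse mailbox. The function names `parse_objects` and `abuse_contact` are hypothetical, and the sample text is a trimmed copy of the quoted reply.

```python
import ipaddress
import re

# Constructed input: a trimmed copy of the RIPE reply quoted in the message.
# The list archive writes "@" as " at ", so the pattern accepts both forms.
SAMPLE = """\
% Information related to '86.125.192.0 - 86.125.255.255'

inetnum:         86.125.192.0 - 86.125.255.255
netname:         RO-RDSNET-AR-ARAD-CABLELINK
admin-c:         RDS-RIPE

role:            Romania Data Systems NOC
e-mail:          contact-tech at rdsnet.ro
remarks:         | ABUSE CONTACT: abuse at rdsnet.ro IN CASE OF HACK ATTACKS,   |
"""
ADDR = re.compile(r"([\w.+-]+)(?:@| at )([\w-]+(?:\.[\w-]+)+)")

def parse_objects(text):
    """Split an RPSL reply into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text):      # blank line ends an object
        pairs = [(k.strip(), v.strip()) for k, sep, v in
                 (line.partition(":") for line in block.splitlines())
                 if sep and not k.startswith("%")]  # "%" lines are comments
        if pairs:
            objects.append(pairs)
    return objects

def abuse_contact(text, ip):
    """Return (netname, address) if an inetnum object covers ip, else None."""
    target = ipaddress.ip_address(ip)
    objects = parse_objects(text)
    for obj in objects:
        attrs = dict(obj)
        if "inetnum" not in attrs:
            continue
        lo, hi = (ipaddress.ip_address(p.strip())
                  for p in attrs["inetnum"].split("-"))
        if lo <= target <= hi:
            values = [(k, v) for o in objects for k, v in o]
            # Prefer a line that names an abuse mailbox, then any e-mail.
            ranked = [v for k, v in values if "abuse" in v.lower()] + \
                     [v for k, v in values if k == "e-mail"]
            for v in ranked:
                m = ADDR.search(v)
                if m:
                    return attrs["netname"], f"{m.group(1)}@{m.group(2)}"
    return None
```

The range check matters here: the reply covers 86.125.202.56 but not 86.123.164.172, so the first address needs its own query before a report is sent.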


