SPACENET #1 OFFENDER!
TOP IP ATTACKERS


by R. F. Mariano, Editor, STReport Online - Special Report

It is not the RIAA... but they did make it known recently that they were going to do so. For the past three weeks, the attacks from IP addresses attempting to foist incomplete IP address DDoS attacks and NetBus attacks with Sub-Seven NetBIOS Trojan backdoors appeared to be aimed at P2P users. However, it's now obvious the Internet itself is being clobbered: the attacks, intentional or otherwise, have risen to such a level that large numbers of non-P2P users are now seeing an increasing number of blocked-attack notices from their personal firewalls.

Apparently, ISPs' Net Admins are either inept or unable to control the incomplete IP attacks by their subscribers.

So, you say that if it's blocked at the personal firewall level, it does no harm? WRONG. What is actually occurring is that the Net itself is becoming flooded with IP packets carrying incomplete IP addresses, aimlessly hopping from one node to another, also known as DDoS attacks. The Sub-Seven NetBus Trojan NetBIOS attacks are far more serious and are causing increasing concern, to the extent of possible broad-based blocking at the backbone level and possible legal action being taken.

Whether these attacks are originating from contracted companies and/or individuals, the obvious result is that the entire Internet will ultimately suffer. Many thoughts about the origin of these trash packets can arise: software houses that wish to build a new Internet, a totally controlled and censored Internet; software houses providing protection software, which can also come under scrutiny; and, of course, the hackers, the wannabe hackers and the plethora of idiots who think such practices are fun and humorous. The worst, of course, would be those who are doing so hoping the RIAA would ultimately get the blame.

The proliferation of these attacks has increased to such an extent that a number of Internet High Speed Gateway Providers have instituted the use of ACLs to actually BLOCK the originating IP addresses and are filing abuse complaints with the Service Providers of the originating, offending users, identified through their IP addresses.

Are these incidents due to a lack of adequate NOC (Network Operation Center) administration, or are Spacenet and the other ISPs indicated running on such a tight budget (cheap) that they cannot afford competent administrators?

In the course of the coming weeks, we shall provide here, for all to see, the list of offending IP addresses and the Service Providers responsible for said addresses. Eventually, an ISP itself can become entirely blocked if the abuse is allowed to continue unabated. That happens because many ISPs use random IP addressing for their users. As such, if the idiot troublemakers or any of the goofy hacker-wannabes are busy at work, they can originate these attacks from numerous IP addresses, since the addresses are randomly assigned by Spacenet Satellite Internet Service.

Where are SpaceNet's and the other ISPs' administrators?

Of course, any responsible ISP will act quickly to alleviate the situation in an attempt to keep the Net free of trash packets and to provide the best possible service to its legit users. Can you picture an ISP whose links to major networks become totally blocked via ACLs because of abusive subscribers?

UPDATE - 01/21/03

In the past few days, the proliferation of incidents in which the Sub-Seven NetBIOS Trojan flooding the Net is definitely tracked as coming from SPACENET and others has reached an alarming rate. One can only wonder when the major ISPs throughout the world will begin to WAKE UP and take action. A general lockout of SPACENET and other offending ISPs is seemingly becoming a distinct possibility. While there may only be 6 IP addresses indicated for Spacenet, the number of attacks is at a relatively high constant level, with a higher than average level originating in Marietta, Georgia, USA.

Users can help too.

Report each and every attack notice you receive from your firewall to BOTH your Firewall Software Provider and, in particular, to the abuse line at Spacenet.Com and the other ISPs (Internet Service Providers). Include as much info as possible from the trace route (cut & paste) in your email to the ISP's abuse email address, every time an incident occurs. They'll soon notice their email will be as flooded as they are flooding the Internet by allowing this abuse to continue.

(ACL = Access Control List)

This list will be updated regularly with both the IP addresses and the Service Providers. - Updated 01/27/03

Access Control List

Offensive IPs & Service Provider List

 deny ip host 24.127.28.27 any
 deny ip host 212.170.19.116 any
 deny ip host 148.63.239.198 any
 deny ip host 211.12.215.111 any
 deny ip host 211.106.88.157 any
 deny ip host 62.47.183.233 any
 deny ip host 67.39.184.110 any
 deny ip host 209.223.112.164 any
 deny ip host 64.130.33.46 any
 deny ip host 211.196.198.186 any
 deny ip any host 216.85.162.255
 deny ip any host 216.85.163.255
 deny ip any host 216.85.164.255
 deny tcp host 24.127.28.27 any
 deny tcp host 212.170.19.116 any
 deny tcp host 148.63.239.198 any
 deny tcp host 211.12.215.111 any
 deny tcp host 211.106.88.157 any
 deny tcp host 62.47.183.233 any
 deny tcp host 67.39.184.110 any
 deny tcp host 209.223.112.164 any
 deny tcp host 64.130.33.46 any
 deny tcp host 211.196.198.186 any
 deny tcp any host 216.85.162.255
 deny tcp any host 216.85.163.255
 deny tcp any host 216.85.164.255
 deny udp host 24.127.28.27 any
 deny udp host 64.130.33.46 any
 deny udp host 212.170.19.116 any
 deny udp host 148.63.239.198 any
 deny udp host 211.12.215.111 any
 deny udp host 211.106.88.157 any
 deny udp host 62.47.183.233 any
 deny udp host 67.39.184.110 any
 deny udp host 209.223.112.164 any
 deny udp host 211.196.198.186 any
 deny udp any host 216.85.162.255
 deny udp any host 216.85.163.255
 deny udp any host 216.85.164.255
 deny icmp host 24.127.28.27 any
 deny icmp host 212.170.19.116 any
 deny icmp host 148.63.239.198 any
 deny icmp host 211.12.215.111 any
 deny icmp host 211.106.88.157 any
 deny icmp host 62.47.183.233 any
 deny icmp host 67.39.184.110 any
 deny icmp host 209.223.112.164 any
 deny icmp host 64.130.33.46 any
 deny icmp host 211.196.198.186 any
 deny icmp any host 216.85.162.255
 deny icmp any host 216.85.163.255
 deny icmp any host 216.85.164.255
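
Added example, not part of the original article: assuming the list above follows Cisco IOS-style extended ACL semantics (rules evaluated top-down, first match wins, `ip` matching every IP protocol), a `tcp`, `udp` or `icmp` entry for a host already denied with `ip` can never match. The script below flags such shadowed entries; the sample rules (documentation-range addresses) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of the list above (RFC 5737 addresses).
SAMPLE_ACL = """\
deny ip host 192.0.2.10 any
deny ip any host 198.51.100.255
deny tcp host 192.0.2.10 any
deny udp host 203.0.113.7 any
deny icmp any host 198.51.100.255
deny udp host 203.0.113.7 any
"""

def parse_endpoint(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of tokens."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word!r}")

def parse_rule(line):
    """Parse '<action> <protocol> <source> <destination>' (no port qualifiers)."""
    action, proto, *rest = line.split()
    src, dst = parse_endpoint(rest), parse_endpoint(rest)
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    return action, proto, src, dst

def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    (_, ep, es, ed), (_, lp, ls, ld) = earlier, later
    return ep in ("ip", lp) and ls.subnet_of(es) and ld.subnet_of(ed)

def find_shadowed(acl_text):
    """Return (line_no, rule_text, covering_line_no) for unreachable rules."""
    seen, shadowed = [], []
    for n, line in enumerate(acl_text.splitlines(), 1):
        if not line.strip():
            continue
        rule = parse_rule(line)
        hit = next((p for p, prev in seen if covers(prev, rule)), None)
        if hit is not None:
            shadowed.append((n, line.strip(), hit))
        seen.append((n, rule))
    return shadowed

if __name__ == "__main__":
    print(*find_shadowed(SAMPLE_ACL), sep="\n")
```

Entries reported as shadowed can be dropped without changing what the list blocks, which keeps a long deny list shorter and easier to audit.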