SPACENET #1 OFFENDER!
It is not the RIAA... but they did make it known recently that they were going to do so. For the past three weeks the attacks from IP addresses attempting to foist incomplete IP address DDOS attacks and NetBus Attacks with Sub-Seven NetBios Trojan Backdoors appeared to be aimed at P2P users. However, it's now obvious the Internet itself is being clobbered as the attacks, intentional or otherwise, have risen to such a level that large numbers of non-P2P users are now experiencing increasing blocked attack notices from their personal firewalls.
Apparently, ISP's Net Admins are either inept or unable to control the incomplete IP attacks by their subscribers.
So, you say if its blocked at the personal firewall level, it does no harm? WRONG....... what is actually occurring is the Net itself is becoming flooded with incomplete IP address IP packets aimlessly hopping from one node to another. Also known as DDOS attacks. The Sub-Seven NetBus Trojan Netbios Attacks are far more serious and cause increasing concerns to the extent of possible broad based blocking at the backbone level and possible legal action being taken.
Whether these attacks are originating from contracted companies and/or individuals, the obvious result is the entire Internet will ultimately suffer. Many thoughts about the origin of these trash packets can arise, such as those software houses who wish to build a new Internet, a totally controlled and censored Internet, those software houses providing protection software can also be under scrutiny, and of course, the hackers, the wannabe hackers and the plethora of idiots who think such practices are fun and humorous. The worst of course, would be those who are doing so hoping the RIAA would ultimately get the blame.
The proliferation of these attacks has increased to such an extent that a number of Internet High Speed Gateway Providers have instituted the use of ACL's to actually BLOCK the originating IP addresses and filing abuse complaints with the Service Providers of the originating and offensive Users, identified through their IP address.
Are these incidents due to lack of adequate NOC (Network Operation Center) administration or is Spacenet and the other ISP's indicated running on such a tight budget (cheap) that they cannot afford competent administrators?
In the course of the coming weeks.. we shall provide here, for all to see, the list of Offending IP addresses and the Service Providers responsible for said addresses. Eventually, an ISP itself can become entirely blocked if the abuse is allowed to continue unabated. That happens because many ISP's use random IP addressing for their users. As such, if a user, such as the idiot trouble makers or any of goofy hacker-wannabe's are busy at work. They can originate these attacks from numerous IP address since they are randomly assigned by Spacenet Satellite Internet Service.
Where are the SpaceNet's and other ISP Administrators?
Or course, any responsible ISP will act quickly to alleviate the situation in an attempt to keep the Net free of trash packets and to provide the best possible service to its legit users. Can You picture an ISP who's links to major Networks become totally blocked via ACL's because of abusive subscribers?
UPDATE - 01/21/03
In the past few days, the proliferation of incidents where the Sub-Seven Netbios Trojan flooding the NET are definitely tracked as coming from SPACENET and others.... is now at an alarming rate. One can only wonder when the major ISP's throughout the world will begin to WAKE-UP and take action. A general lockout of SPACENET and other offending ISP's is seemingly becoming a distinct possibility. While there may only be 6 IP addresses indicated for Spacenet, the number of attacks are at a relatively high constant level with a higher than average level originating in Marietta, Georgia USA.
Users can help too.
Report each and every attack notice you receive from your firewall to BOTH your Firewall Software Provider and in particular, to the Abuse line at Spacenet.Com and the other ISP's (Internet Service Providers). Include as much info as possible from the trace route (cut & paste) in your email to ISP's abuse email address. Every time an incident occurs. They'll soon notice their email will be as flooded as they are flooding the Internet by allowing this abuse to continue.
(ACL = Access Control List)
This list will be updated regularly with both the IP addresses and the Service Providers. - Updated 01/27/03
Access Control List
Offensive IP's & Service Provider List
| deny ip host 220.127.116.11
deny ip host 18.104.22.168 any
deny ip host 22.214.171.124 any
deny ip host 126.96.36.199 any
deny ip host 188.8.131.52 any
deny ip host 184.108.40.206 any
deny ip host 220.127.116.11 any
deny ip host 18.104.22.168 any
deny ip host 22.214.171.124 any
deny ip host 126.96.36.199 any
deny ip any host 188.8.131.52
deny ip any host 184.108.40.206
deny ip any host 220.127.116.11
deny tcp host 18.104.22.168 any
deny tcp host 22.214.171.124 any
deny tcp host 126.96.36.199 any
deny tcp host 188.8.131.52 any
deny tcp host 184.108.40.206 any
deny tcp host 220.127.116.11 any
deny tcp host 18.104.22.168 any
deny tcp host 22.214.171.124 any
deny tcp host 126.96.36.199 any
deny tcp host 188.8.131.52 any
deny tcp any host 184.108.40.206
deny tcp any host 220.127.116.11
deny tcp any host 18.104.22.168
deny udp host 22.214.171.124 any
deny udp host 126.96.36.199 any
deny udp host 188.8.131.52 any
deny udp host 184.108.40.206 any
deny udp host 220.127.116.11 any
deny udp host 18.104.22.168 any
deny udp host 22.214.171.124 any
deny udp host 126.96.36.199 any
deny udp host 188.8.131.52 any
deny udp host 184.108.40.206 any
deny udp any host 220.127.116.11
deny udp any host 18.104.22.168
deny udp any host 22.214.171.124
deny icmp host 126.96.36.199 any
deny icmp host 188.8.131.52 any
deny icmp host 184.108.40.206 any
deny icmp host 220.127.116.11 any
deny icmp host 18.104.22.168 any
deny icmp host 22.214.171.124 any
deny icmp host 126.96.36.199 any
deny icmp host 188.8.131.52 any
deny icmp host 184.108.40.206 any
deny icmp host 220.127.116.11 any
deny icmp any host 18.104.22.168
deny icmp any host 22.214.171.124
deny icmp any host 126.96.36.199