Sounds like maybe the firewalls mailing list might be a great place
for "black listing" these sorts of enterprises. Well, at least,
sharing these sorts of experiences so that others may be on the
alert. It would be helpful if some one collected these sites/subnets
and created a FAQ!
Bill
Roger Marquis wrote:
>
> On Sat, May 22, 1999 at 06:40:20PM -0700, David Babler wrote:
> > > On Sat, May 22, 1999 at 11:05:28AM -0600, Brett Glass wrote:
> > > > This morning, someone at the domain "imagelock.com" apparently launched a
> > > > denial of service attack against a Web server I administer. The abuser was
> > > imagelock.com has been banned from my web servers ever since they
> > > initiated a DoS attack against me a few months ago. Basically, they
> > > download every accessible file on a website. The company's MO is to
> >
> > Their web client also gleefully ignores robots.txt as well, and spent 2
> > hours here chasing web poisoned pages - apparently quitting only when it
> > didn't find any images to fingerprint. So they're now blocked here at the
> > firewall too - thanks for the heads-up. Wonder how much they can sell
> > their service for when they find they don't have access to poke around?
>
> Great information! Thanks Brett. I checked our httpd logs and
> immediately found several thousand hits from this subnet, which is now
> filtered.
>
> Imagelock could be another name for Cyveillance.com. We saw an
> identical pattern 2 months ago from another IP which had/has no reverse
> DNS. The domain turned out to be Cyveillance and their ISP was (at the
> time) Digex.net who forwarded our complaint and followed up twice.
> Thank you Digex!
>
> After 3 complaints to Digex and Cyveillance we finally received this
> response from Cyveillance:
>
> > Recently Digex, our internet provider, forwarded your inquiry regarding
> > visits to your site from 207.87.178.66.
> >
> > We provide companies with brand protection services on the internet. To
> > accomplish this goal we employ search engines / web crawlers to scan the
> > internet. We are in no way involved with the creation of unsolicited
> > commercial email. Please see our web site at http://www.cyveillance.com
> > where you can learn more about our company and what we do.
> >
> > It appears we crawled your web site as part of our general web search, and
> > crawled your mailto directories as part of that search. We hope we didn't
> > cause you any inconvenience.
> >
> > If you have any questions, don't hesitate to contact me.
> >
> > Paul K. Witting
> > Manager of Information Systems
> > Cyveillance - Intelligent Internet Surveillance
> > [EMAIL PROTECTED]
> > (703) 519-4212
>
> However they never did stop scanning our subnets until we filtered
> their subnet at 207.87.178.
>
> This subnet still has no reverse DNS however `whois` shows Cyveillance
> is now a customer of imaphost.com and namesecure.com. "imaphost.com"
> is already in our IP filter list (all 27 lines of it) for previous HTTP
> abuses however namesecure.com is not.
>
> Call me paraniod but it sure looks like another Cyveillance attempt to
> cover their tracks.
>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
