RE: [FW1] hacker 194.73.175.25

Fri, 16 Jun 2000 04:47:57 -0700 




This address is just down the road from where I work... I'l drop in personally
and kick their arse shall I?! :-)




Dean Cunningham <[EMAIL PROTECTED]> on 15/06/2000 22:28:50

To:   "'[EMAIL PROTECTED]'"
      <[EMAIL PROTECTED]>
cc:   "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> (bcc: Mike Anning/WEY/EU/CHEP)
Subject:  RE: [FW1] hacker 194.73.175.25





Here is a little bit more info on moregroup.com. Some email addresses there
should get you the right people to talk to

  Domain Name: MOREGROUP.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Wadge, Grant  (GWO71)  [EMAIL PROTECTED]
      More Group UK Ltd (More O'Ferrall)
      18-28 Guildford Road
      Woking, Surrey, GU22 7QF
      UK
      01483 718800 (FAX) 01483 718872
   Billing Contact:
      Tompkins, Ian  (IT80)  [EMAIL PROTECTED]
      More Group plc
      Meirion House Guildford Road Woking
      SURREY
      UK
      GU227QF
      GB
      441483718800 (FAX) 441483718891

   Record last updated on 28-Feb-2000.
   Record expires on 20-Feb-2001.
   Record created on 19-Feb-1996.
   Database last updated on 14-Jun-2000 17:35:15 EDT.

   Domain servers in listed order:

   NS.MOREGROUP.COM  194.73.175.2

-----Original Message-----
From: Dean Cunningham
Sent: Thursday, 15 June 2000 9:39 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [FW1] hacker 194.73.175.25




1.   Email a nicely (I mean nice as they don't have to help you) worded
message to the people that changed the RIPE details ([EMAIL PROTECTED]
and [EMAIL PROTECTED]) asking if the details are still are correct as
the email address details don't work and you have a hacker issue. these
people may not answer as they changed the details 4 years ago and may no
longer work at those places
2.   Ring the phone numbers listed, see if a real person answers and talk
to them
3.   send an email to [EMAIL PROTECTED]

4.   Using same spade I did a dig for that ip address and got the
following: perhaps an email to [EMAIL PROTECTED]  may help considering
www.moregroup.com shows references to "more o'farrell adshel"

hth
deanc

 06/15/00 09:35:12 dig 194.73.175.25 @ 202.36.123.19
Dig [EMAIL PROTECTED] ...
Authoritative Answer
Recursive queries supported by this server
Authoritative answer: Host doesn't exist
 Query for 25.175.73.194.in-addr.arpa type=255 class=1
  175.73.194.in-addr.arpa SOA (Zone of Authority)
        Primary NS: ns.moregroup.com
        Responsible person: [EMAIL PROTECTED]
        serial:114
        refresh:10800s (3 hours)
        retry:3600s (60 minutes)
        expire:604800s (7 days)
        minimum-ttl:86400s (24 hours)



this is the info I got from ripe for that ip address range (obtained using
sam spade for windows  http://www.samspade.org  )

inetnum:     194.73.175.0 - 194.73.175.255
netname:     BT-CUST-340
descr:       more o'farrell adshel
country:     GB
admin-c:     SP138-RIPE
tech-c:      GW203-RIPE
status:      ASSIGNED PA
remarks:     Please send abuse notification to [EMAIL PROTECTED]
changed:     [EMAIL PROTECTED] 19990212
source:      RIPE

route:       194.72.0.0/15
descr:       BTnet
origin:      AS2856
remarks:     Please send abuse notification to [EMAIL PROTECTED]
mnt-by:      BTNET-MNT
changed:     [EMAIL PROTECTED] 19990204
source:      RIPE

person:      Stephen Page
address:     More O'Farral Adshel Ltd
address:     Meirion House
address:     Guildford Road
address:     Woking
address:     Surrey
address:     GU22 7QF
address:     England, UK
phone:       +44 1483 718867
fax-no:      +44 1483 718891
e-mail:      [EMAIL PROTECTED]
nic-hdl:     SP138-RIPE
mnt-by:      AS1849-MNT
changed:     [EMAIL PROTECTED] 19960926
source:      RIPE

person:      Grant Wadge
address:     3rd floor cp house
address:     97-107 uxbridge road
address:     ealing
address:     london
address:     uk
phone:       +44 1815674719
fax-no:      +44 1815678389
e-mail:      [EMAIL PROTECTED]
nic-hdl:     GW203-RIPE
changed:     [EMAIL PROTECTED] 19960215
source:      RIPE


-----Original Message-----
From: hermit1 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 14, 2000 2:54 PM
To: [EMAIL PROTECTED]
Subject: [FW1] hacker 194.73.175.25



This is relevant only because my FW-1 logs show me this problem, but
someone on this list must know the answer.  I am trying to get in touch
with someone at bt.net (apparently in England) to get them to stop scanning
my address space (currently on scan number 4), or maybe someone is spoofing
their IP address.  The email addresses listed in RIPE do not exist.

Any help will be appreciated.

hermit1
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to