[swinog] How to automate abuse complaints for ip based violations

2013-08-23 Thread Markus Wild
Hi there, when looking through traffic analysis, I can more or less easily identify IP addresses that exhibit bad behavior (like massive port/address scanning, attempting to log into joomla/wp administration URLs, POP3/SMTP account scanning, etc) which need to be blocked. Now, since most of these

Re: [swinog] How to automate abuse complaints for ip based violations

2013-08-23 Thread Jean-Pierre Schwickerath
Hi Markus >So, what alternatives are there? How about using services from Dshield (http://www.dshield.org/howto.html) or Threatstop (http://www.threatstop.com/IP-Reputation-Service-Overview especially step 5) Basically you submit your logs and they do the lookup for you and you can benefit fro

Re: [swinog] How to automate abuse complaints for ip based violations

2013-08-23 Thread Benoit Panizzon
Hi Markus There are a couple of standardized abuse report forms to report incidents or spam which can automatically be processed by abuse desks. Ask Google for ARF or X-ARF Then there is the problem of finding the abuse contacts. I agree, whois reply parsing is absolutely ugly, especially as yo

Re: [swinog] How to automate abuse complaints for ip based violations

2013-08-23 Thread Jeroen Massar
On 2013-08-23 09:43, Markus Wild wrote: [..] > My manual approach would be to look up whois > data for the respective IP (which by itself can be a multi-step process, > since you first need to find the right registry), and look for an > abuse-contact there. But, whois isn't exactly engineered for a

Re: [swinog] Belgian spammer

2013-08-23 Thread Klaus Ethgen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On Thu, 22 Aug 2013 at 10:58, Jeroen Massar wrote: > Contact Kangaroot (AS28707) who are the ISP hosting their netblock: [WHOIS info] > They should be able to put a stop on this, or they will in time appear > on spamhaus... > > Definitely f

Re: [swinog] Belgian spammer

2013-08-23 Thread Jeroen Massar
On 2013-08-23 10:36, Klaus Ethgen wrote: [..] > I did not make good experiences with spam reports to foreign companies > or authorities. Usually you hear nothing and nothing happens. Even in > Germany it is nearly impossible to get an address of a spammer to sue > him. And in countries with languages

Re: [swinog] How to automate abuse complaints for ip based violations

2013-08-23 Thread Markus Wild
Hey Benoit, > And of course there is the abusix.org contacts database via DNS: > > $ host -t txt 0.0.161.157.abuse-contacts.abusix.org > 0.0.161.157.abuse-contacts.abusix.org descriptive text "ab...@imp.ch" thanks, this is exactly what I was looking for! Cheers, Markus ___

Re: [swinog] Small VoIP PBX recommendations

2013-08-23 Thread Stanislav Sinyagin
if you ask here: https://plus.google.com/communities/114149566116254233716 you will most probably get a quality answer. > > From: Andre Oppermann >To: swi...@swinog.ch >Sent: Thursday, August 22, 2013 6:56 PM >Subject: [swinog] Small VoIP PBX recommendations >

Re: [swinog] Belgian spammer

2013-08-23 Thread Klaus Ethgen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On Fri, 23 Aug 2013 at 9:47, Jeroen Massar wrote: > On 2013-08-23 10:36, Klaus Ethgen wrote: > [..] > > I did not make good experiences with spam reports to foreign companies > > or authorities. Usually you hear nothing and nothing happens.