Hi, Whois seems to say it's Charter Communications, abuse@charter.net. But if I mail them, they say: This email address is for reporting incidents of abuse coming from IP addresses registered to Charter Communications. Abuse from IP addresses not registered to Charter Communications should be directed to the registered owners of the IP address in question. The following link should be of assistance in locating the organization responsible for the IP address: http://www.arin.net/whois Thank you, Charter High-Speed Internet Security Team # # # From: Olaf van der Spek <olafvdspek@gmail.com> To: abuse@charter.net Date: Tue, 25 Jun 2013 09:11:38 +0200 Subject: DDoS Attack from 24.205.98.101 -- Olaf
Charter Communications CHARWR (NET-24-205-0-0-1) 24.205.0.0 - 24.205.255.255 Charter Communications CHAR-PAS-205-76-99 (NET-24-205-76-0-1) 24.205.76.0 - 24.205.99.255 2013/6/25 Olaf van der Spek <ml@vdspek.org>
Hi,
Whois seems to say it's Charter Communications, abuse@charter.net. But if I mail them, they say:
This email address is for reporting incidents of abuse coming from IP addresses registered to Charter Communications. Abuse from IP addresses not registered to Charter Communications should be directed to the registered owners of the IP address in question.
The following link should be of assistance in locating the organization responsible for the IP address:
Thank you,
Charter High-Speed Internet Security Team
# # #
From: Olaf van der Spek <olafvdspek@gmail.com> To: abuse@charter.net Date: Tue, 25 Jun 2013 09:11:38 +0200 Subject: DDoS Attack from 24.205.98.101
-- Olaf
-- ~~~ WBR, Vitaliy Turovets NOC Lead @TV-Net ISP +38(093)265-70-55 VITU-RIPE X-NCC-RegID: ua.tv
On 25.06.2013 09:18, Olaf van der Spek wrote:
Hi,
Whois seems to say it's Charter Communications, abuse@charter.net. But if I mail them, they say:
This email address is for reporting incidents of abuse coming from IP addresses registered to Charter Communications. Abuse from IP addresses not registered to Charter Communications should be directed to the registered owners of the IP address in question.
The following link should be of assistance in locating the organization responsible for the IP address:
Thank you,
Charter High-Speed Internet Security Team
# # #
From: Olaf van der Spek <olafvdspek@gmail.com> To: abuse@charter.net Date: Tue, 25 Jun 2013 09:11:38 +0200 Subject: DDoS Attack from 24.205.98.101
They respond this to every complaint I send - no matter which ip-range is involved. It's just a broken abuse-desk .. Gunther NetCologne Systemadministration -- NetCologne Gesellschaft für Telekommunikation mbH Am Coloneum 9 ; 50829 Köln Geschäftsführer: Dr. Hans Konle (Sprecher), Dipl.-Kfm. Mario Wilhelm Dipl.-Ing. Karl-Heinz Zankel Vorsitzender des Aufsichtsrates: Dr. Andreas Cerbe HRB 25580, AG Köln
In message <51C94ABE.6040806@netcologne.de>, Gunther Nitzsche <gnitzsche@netcologne.de> wrote:
They respond this to every complaint I send - no matter which ip-range is involved. It's just a broken abuse-desk ..
Don't take it personally. Large cable companies treat even their own customers like shit also. And you probably aren't even sending them checks every month. Regards, rfg
Excerpt from RFC3330 (Special-Use IPv4 Addresses, page 2 <quote> 24.0.0.0/8 - This block was allocated in early 1996 for use in provisioning IP service over cable television systems. Although the IANA initially was involved in making assignments to cable operators, this responsibility was transferred to American Registry for Internet Numbers (ARIN) in May 2001. Addresses within this block are assigned in the normal manner and should be treated as such. </quote> Just feed the following into the web-whois at https://apps.db.ripe.net/search/ -rBTinetnum -m 24.0.0.0/8 into the search field and tick the "all" box in the *Global resource Service beta* Hth, Wilfried. PS: for the Internet Archeologists - iirc, back then this was the interesting case of the cable "NET24" allocation, made outside the RIR system :-)
Olaf van der Spek wrote:
Hi,
Whois seems to say it's Charter Communications,
revDNS seems to agree: ... 15 225 ms 225 ms 226 ms 24-205-98-101.static.reno.nv.charter.com [24.205.98.101] -ww
In message <CAGVGHmte6Us48E-HtSD0s9RDm3Oky=YkTnG60NvHiawE2RqPPw@mail.gmail.com> Olaf van der Spek <ml@vdspek.org> wrote:
From: Olaf van der Spek <olafvdspek@gmail.com> To: abuse@charter.net Date: Tue, 25 Jun 2013 09:11:38 +0200 Subject: DDoS Attack from 24.205.98.101
I can't help but be curious... How exactly does a DISTRIBUTED Denial Of Service attack manage to originate from one single IP address? Regards, rfg P.S. Having myself been a victim of a reflection mailbomb attack in the distant past, let me just say that I _do_ know how _that_ sort of thing works, so please don't anybody waste a lot of electrons trying to explain _that_ to me. Thanks
On Tuesday 25 June 2013 09.18, Olaf van der Spek wrote:
Hi,
Whois seems to say it's Charter Communications, abuse@charter.net. But if I mail them, they say:
This email address is for reporting incidents of abuse coming from IP addresses registered to Charter Communications. Abuse from IP addresses not registered to Charter Communications should be directed to the registered owners of the IP address in question.
If the abuse "function" don't work i suggest that blocking this range will work. If and when charter decides that their customers should have full access they should start with a working abuse staff ( and some more ) Until then, we can manage without them. <snip> # # #
From: Olaf van der Spek <olafvdspek@gmail.com> To: abuse@charter.net Date: Tue, 25 Jun 2013 09:11:38 +0200 Subject: DDoS Attack from 24.205.98.101
-- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
participants (6)
-
Gunther Nitzsche -
Olaf van der Spek -
peter h -
Ronald F. Guilmette -
Wilfried Woeber -
Виталий Туровец