Date: Sun, 23 May 1999 20:39:12 -0700 From: Alex <out-door@pacbell.net> To: Roger Marquis <marquis@roble.com> Cc: security@FreeBSD.ORG, firewall-wizards@nfr.net Subject: you should post this on ntsecurity@iss.net Message-ID: <3748C9E0.FEF70C3@pacbell.net> References: <Pine.GSO.3.96.990523175258.28317A-100000@roble2.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I think you will find some friends there, the good kind. Alex Roger Marquis wrote: > On Sat, May 22, 1999 at 06:40:20PM -0700, David Babler wrote: > > > On Sat, May 22, 1999 at 11:05:28AM -0600, Brett Glass wrote: > > > > This morning, someone at the domain "imagelock.com" apparently launched a > > > > denial of service attack against a Web server I administer. The abuser was > > > imagelock.com has been banned from my web servers ever since they > > > initiated a DoS attack against me a few months ago. Basically, they > > > download every accessible file on a website. The company's MO is to > > > > Their web client also gleefully ignores robots.txt as well, and spent 2 > > hours here chasing web poisoned pages - apparently quitting only when it > > didn't find any images to fingerprint. So they're now blocked here at the > > firewall too - thanks for the heads-up. Wonder how much they can sell > > their service for when they find they don't have access to poke around? > > Great information! Thanks Brett. I checked our httpd logs and > immediately found several thousand hits from this subnet, which is now > filtered. > > Imagelock could be another name for Cyveillance.com. We saw an > identical pattern 2 months ago from another IP which had/has no reverse > DNS. The domain turned out to be Cyveillance and their ISP was (at the > time) Digex.net who forwarded our complaint and followed up twice. > Thank you Digex! > > After 3 complaints to Digex and Cyveillance we finally received this > response from Cyveillance: > > > Recently Digex, our internet provider, forwarded your inquiry regarding > > visits to your site from 207.87.178.66. > > > > We provide companies with brand protection services on the internet. To > > accomplish this goal we employ search engines / web crawlers to scan the > > internet. We are in no way involved with the creation of unsolicited > > commercial email. Please see our web site at http://www.cyveillance.com > > where you can learn more about our company and what we do. > > > > It appears we crawled your web site as part of our general web search, and > > crawled your mailto directories as part of that search. We hope we didn't > > cause you any inconvenience. > > > > If you have any questions, don't hesitate to contact me. > > > > Paul K. Witting > > Manager of Information Systems > > Cyveillance - Intelligent Internet Surveillance > > PWitting@Cyveillance.com > > (703) 519-4212 > > However they never did stop scanning our subnets until we filtered > their subnet at 207.87.178. > > This subnet still has no reverse DNS however `whois` shows Cyveillance > is now a customer of imaphost.com and namesecure.com. "imaphost.com" > is already in our IP filter list (all 27 lines of it) for previous HTTP > abuses however namesecure.com is not. > > Call me paraniod but it sure looks like another Cyveillance attempt to > cover their tracks. > > -- > Roger Marquis > Roble Systems Consulting > http://www.roble.com/ > > - > [To unsubscribe, send mail to majordomo@lists.gnac.net with > "unsubscribe firewalls" in the body of the message.] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3748C9E0.FEF70C3>