Date:      Sun, 23 May 1999 20:39:12 -0700
From:      Alex <out-door@pacbell.net>
To:        Roger Marquis <marquis@roble.com>
Cc:        security@FreeBSD.ORG, firewall-wizards@nfr.net
Subject:   you should post this on ntsecurity@iss.net
Message-ID:  <3748C9E0.FEF70C3@pacbell.net>
References:  <Pine.GSO.3.96.990523175258.28317A-100000@roble2.roble.com>

I think you will find some friends there, the good kind.

Alex

Roger Marquis wrote:

> On Sat, May 22, 1999 at 06:40:20PM -0700, David Babler wrote:
> > > On Sat, May 22, 1999 at 11:05:28AM -0600, Brett Glass wrote:
> > > > This morning, someone at the domain "imagelock.com" apparently launched a
> > > > denial of service attack against a Web server I administer. The abuser was
> > > imagelock.com has been banned from my web servers ever since they
> > > initiated a DoS attack against me a few months ago.  Basically, they
> > > download every accessible file on a website.  The company's MO is to
> >
> > Their web client also gleefully ignores robots.txt as well, and spent 2
> > hours here chasing web poisoned pages - apparently quitting only when it
> > didn't find any images to fingerprint. So they're now blocked here at the
> > firewall too - thanks for the heads-up. Wonder how much they can sell
> > their service for when they find they don't have access to poke around?
>
> Great information!  Thanks Brett.  I checked our httpd logs and
> immediately found several thousand hits from this subnet, which is now
> filtered.
>
> Imagelock could be another name for Cyveillance.com.  We saw an
> identical pattern 2 months ago from another IP which had/has no reverse
> DNS.  The domain turned out to be Cyveillance and their ISP was (at the
> time) Digex.net who forwarded our complaint and followed up twice.
> Thank you Digex!
>
> After 3 complaints to Digex and Cyveillance we finally received this
> response from Cyveillance:
>
>  > Recently Digex, our internet provider, forwarded your inquiry regarding
>  > visits to your site from 207.87.178.66.
>  >
>  > We provide companies with brand protection services on the internet. To
>  > accomplish this goal we employ search engines / web crawlers to scan the
>  > internet. We are in no way involved with the creation of unsolicited
>  > commercial email. Please see our web site at http://www.cyveillance.com
>  > where you can learn more about our company and what we do.
>  >
>  > It appears we crawled your web site as part of our general web search, and
>  > crawled your mailto directories as part of that search. We hope we didn't
>  > cause you any inconvenience.
>  >
>  > If you have any questions, don't hesitate to contact me.
>  >
>  > Paul K. Witting
>  > Manager of Information Systems
>  > Cyveillance - Intelligent Internet Surveillance
>  > PWitting@Cyveillance.com
>  > (703) 519-4212
>
> However they never did stop scanning our subnets until we filtered
> their subnet at 207.87.178.
>
> This subnet still has no reverse DNS; however, `whois` shows Cyveillance
> is now a customer of imaphost.com and namesecure.com.  "imaphost.com"
> is already in our IP filter list (all 27 lines of it) for previous HTTP
> abuses; however, namesecure.com is not.
>
> Call me paranoid but it sure looks like another Cyveillance attempt to
> cover their tracks.
>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
>
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]


