North American Network Operators Group


FWD: RE: FW: Getting hacked by Digital Isle?

  • From: Christopher Wolff
  • Date: Thu Oct 25 23:57:26 2001

Here is the official Digital Isle party line.  The part that I like is 

"3) Respond to this message requesting we stop pinging your server.  In this event our pinging will cease in several days."

Several days?  I'm wondering if I can send a bill to Digital Isle for beta testing their product on my time and bandwidth without even asking me.

Regards,
Christopher
---------- Original Message ----------------------------------
From: Sean Gleason <[email protected]>
Date: Fri, 26 Oct 2001 01:02:21 +0000 (GMT)


Chris,

We apologize for any inconvenience caused by pings (ICMP_ECHO packets)
coming from our machines.  Your server was being pinged as part of our
real-time "network weather" mapping system called Best Distributor
Selection.  BDS is an essential part of Footprint, Digital Island's
intelligent network service offering.  It is used to optimize 
performance when your customers access the web resources of our 
customers.

Many large web publishers, such as AOL, CNBC and Blue Mountain, use 
our Footprint service to speed up the delivery of their web content.
Our system intelligently matches browsers to the servers on our 
Footprint network that will provide the best performance.  The dynamic
nature of routing and congestion on the Internet make it necessary for
us to constantly update our maps.

Our network was pinging your system because it appeared to be a name
server with a sufficient number of resolution requests for our 
customer web sites to be placed on the list of network nodes to be 
constantly observed for Internet congestion.

By pinging your name server, we can provide better quality of service
to your users when they access the web sites of our expanding customer
list. We hope you will consider granting us permission to continue 
pinging a name server in your domain.

Sandpiper Networks merged with Digital Island in December 1999, which
is why some of the machines pinging you were in digisle.net.

At this point you can:

1) Do nothing. Please accept our apologies and be assured that your
   machines are not being pinged by a hostile party.

2) Tell us if there is an alternate name server in your IP address 
   space that you would like us to ping. We will direct future ping 
   traffic to it.

3) Respond to this message requesting we stop pinging your server.  In
   this event our pinging will cease in several days.

Regards,

Sean Gleason

Digital Island, Inc.

On Thu, 25 Oct 2001, Christopher J. Wolff wrote:

> Hello, thank you for your response.  Here are the source addresses.
> 
> 
> -----Original Message-----
> From: Sean Gleason [mailto:[email protected]]
> Sent: Thursday, October 25, 2001 4:44 PM
> To: Christopher J. Wolff
> Cc: [email protected]
> Subject: Re: FW: Getting hacked by Digital Isle?
> 
> 
> 
> 
> Could you provide me an IP address so we can investigate further.
> 
> Sean Gleason ---- Digital Island
> 
> 
> 
> On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
> 
> >
> > I just received a log from my IDS claiming the following attack is taking
> > place from your network.  If this is true what are you doing and why are you
> > ICMP flooding my primary name server.
> >
> >
> > Log entry:
> >
> > mailto:[email protected] for questions
> > This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring
> > performed by Digital Island Inc.  It is not an attack.  If you have
> > questions please contact
> > [email protected]
> >
> >
> > Regards,
> > Christopher J. Wolff, VP, CIO
> > Broadband Laboratories, Inc.
> > http://www.bblabs.com
> > email:[email protected]
> > phone:520.622.4338 x234
> >
> 
> 
> 
> 
>
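
As an added illustration, not part of the original thread: one way to triage a batch of IDS ICMP alerts of the kind discussed in this exchange, by counting distinct sources, the largest per-minute burst, and sources that fall outside prefixes the probing operator has confirmed. The alert layout, the addresses (documentation ranges) and the `triage` helper are constructed for this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample alerts (documentation address ranges), assumed layout:
# signature  protocol  source:port  destination:port  host  HH:MM MM-DD
SAMPLE = """\
IDS246/dos_dos-large-icmp   ICMP   192.0.2.50:na   203.0.113.10:na   ns1.example.net   17:30 10-25
IDS246/dos_dos-large-icmp   ICMP   198.51.100.4:na   203.0.113.10:na   ns1.example.net   17:29 10-25
IDS118/scan_Traceroute ICMP   ICMP   198.51.100.77:na   203.0.113.10:na   ns1.example.net   17:27 10-25
IDS171/icmp_ping zeros   ICMP   192.0.2.9:na   203.0.113.10:na   ns1.example.net   17:25 10-25
IDS171/icmp_ping zeros   ICMP   192.0.2.9:na   203.0.113.10:na   ns1.example.net   17:25 10-25
IDS171/icmp_ping zeros   ICMP   192.0.2.9:na   203.0.113.10:na   ns1.example.net   17:25 10-25
"""

# Signature names may contain spaces, so anchor on the protocol and address fields.
ALERT = re.compile(
    r"^\s*(?P<sig>\S.*?)\s+ICMP\s+(?P<src>[\d.]+):na\s+(?P<dst>[\d.]+):na"
    r"\s+(?P<host>\S+)\s+(?P<when>\d\d:\d\d \d\d-\d\d)\s*$")

def triage(text, claimed_nets):
    """Summarise ICMP alerts: spread of sources, burst size, unverified sources."""
    nets = [ipaddress.ip_network(n) for n in claimed_nets]
    per_src, per_minute, sigs = Counter(), Counter(), defaultdict(set)
    for line in text.splitlines():
        m = ALERT.match(line)
        if not m:
            continue  # ignore blank or unrecognised lines
        src = ipaddress.ip_address(m["src"])
        per_src[src] += 1
        per_minute[m["when"]] += 1
        sigs[m["sig"]].add(src)
    outside = sorted(s for s in per_src if not any(s in n for n in nets))
    return {
        "alerts": sum(per_src.values()),
        "sources": len(per_src),
        "max_per_source": max(per_src.values(), default=0),
        "peak_per_minute": max(per_minute.values(), default=0),
        "sources_by_signature": {k: len(v) for k, v in sigs.items()},
        "outside_claimed_nets": [str(s) for s in outside],
    }

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for a prefix the probing operator has confirmed.
    print(triage(SAMPLE, ["192.0.2.0/24"]))
```

Many sources with a low per-source count point to distributed probing rather than a single-origin flood. The identifying text in the ICMP payload is set by whoever builds the packet, so prefixes confirmed out of band are the stronger check.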