Is this being caused by our anonymous proxy test?
----- Forwarded message from Spam_Reports@city-guide.com -----
From: Spam_Reports@city-guide.com
Date: Tue, 6 Apr 2004 10:42:05 -0400
To: JWALES@BOMIS.COM
Subject: Abuse Reports ( Bomis Inc. / Wikimedia )
Dear Aleron Customer:
We have received a report regarding alleged violations of Aleron's Acceptable Use Policy and Network Routing Policy. Both policies can be found at http://aleron.com/info/aup.html and http://operations.aleron.net/routingpolicy.html respectively.
Aleron works closely with its customers to resolve situations as quickly as possible. We request you take whatever measures you deem appropriate which will ensure no further violations occur.
Aleron values its relationships with its customers and will work with you in any way necessary to preserve that relationship. However, Aleron is legally bound to enforce its AUP. If it is confirmed that abuses are taking place, and we cannot elicit your cooperation in discontinuing the abuse, Aleron may be forced to take drastic actions, which could include filtering in/out traffic to the host, prefix-list modification whereby removing the prefix - subnet rounded off to the smallest possible aggregate and/or termination of services.
Once this issue has been resolved please reply to this message, making sure the reply goes to abuse@aleron.net and keeping the subject the same.
--------------------------------------------------------------------------------
Host: 207.142.131.231
Abuse: port scans, TCP - possibly probing for security exploits
Logging: (brief example logging on 4/6/2004 10:25 EDT is as follows)
Extended IP access list 133
    permit tcp host 207.142.131.231 any eq www (229 matches)
    permit tcp host 207.142.131.231 any eq 81 (153 matches)
    permit tcp host 207.142.131.231 any eq 1080 (147 matches)
    permit tcp host 207.142.131.231 any eq 3128 (146 matches)
    permit tcp host 207.142.131.231 any eq 8080 (165 matches)
    permit ip any any (99322044 matches)
Notes: Please investigate on your end. 1 complaint with logging is attached.
--------------------------------------------------------------------------------
Best regards,
Abuse Policy Notification
Aleron Broadband Services, LLC.
abuse@aleron.net

From: abuse@deprotect.com
Date: Tue, 6 Apr 2004 10:08:26 -0400
To: "Abuse" abuse@aleron.com
Subject: ABUSE 207.142.131.232 Abuse id: 80283
Hello,
We have detected a portscan from your IP subnet range against one of our clients DI (Dagens Industri), please look at the attached information. This got triggered as the remote system either scanned multiple hosts or a significant amount of ports on a single host. We kindly ask you to investigate this and report back to us at your earliest convenience.
Operator: Jonas H
Timezone: GMT +01:00 SWEDEN
Log transcript:
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48767; dst: 213.134.99.34; service: 1080; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48768; dst: 213.134.99.34; service: 81; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48770; dst: 213.134.99.34; service: 80; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48771; dst: 213.134.99.34; service: 8000; proto: tcp; rule: 4;
2004-04-06 14:04:37 Apr 6 13:06:15 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48779; dst: 213.134.99.34; service: 3128; proto: tcp; rule: 4;
Regards
Security Operator

Deprotect AB
Upperudsv 4, 464 72 Haverud, Sweden
Tel. +46-(0)530 444 64
Fax. +46-(0)530 444 69
Mailto: abuse@deprotect.com
http://www.deprotect.com
This transmission is intended for the person to whom or the entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, please be notified that any dissemination, distribution or copying is strictly prohibited. If you have received this transmission in error, please notify us immediately. Thank you for your cooperation.
----- End forwarded message -----
Jimmy Wales wrote:
> Is this being caused by our anonymous proxy test?
Yes.
-- Tim Starling
wikitech-l@lists.wikimedia.org
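
The Deprotect report in the thread above says its alert fires when one source hits many ports on a single host. The following is an added example, not part of the original thread or of either operator's tooling: it parses drop lines in the format quoted in that report, flags a source that touches several distinct ports on one destination within a short window, and marks whether every port is one of the proxy-style ports seen in the two reports. The function name, the threshold and the window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports that appear in the two reports in this thread: 1080 is SOCKS,
# 3128 is Squid's default, the others are common HTTP proxy listeners.
PROXY_PORTS = {80, 81, 1080, 3128, 8000, 8080}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?\bdrop\b.*?"
    r"src: (?P<src>[\d.]+); s_port: \d+; dst: (?P<dst>[\d.]+); "
    r"service: (?P<port>\d+); proto: tcp;"
)

# First five lines are copied from the report; the last one is constructed.
SAMPLE = """\
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48767; dst: 213.134.99.34; service: 1080; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48768; dst: 213.134.99.34; service: 81; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48770; dst: 213.134.99.34; service: 80; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48771; dst: 213.134.99.34; service: 8000; proto: tcp; rule: 4;
2004-04-06 14:04:37 Apr 6 13:06:15 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232; s_port: 48779; dst: 213.134.99.34; service: 3128; proto: tcp; rule: 4;
2004-04-06 14:04:40 Apr 6 13:06:18 root: [ID 702911 local0.info] 6Apr2004 13:06:18 drop 213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 192.0.2.10; s_port: 40001; dst: 213.134.99.34; service: 22; proto: tcp; rule: 4;
"""

def find_scans(lines, min_ports=4, window=timedelta(seconds=60)):
    """Return one finding per (src, dst) pair that hit >= min_ports distinct
    destination ports inside a sliding time window."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            hits[(m["src"], m["dst"])].append((ts, int(m["port"])))
    findings = []
    for (src, dst), seen in sorted(hits.items()):
        seen.sort()
        best, start = set(), 0
        for end, (ts, _) in enumerate(seen):
            while ts - seen[start][0] > window:   # slide the window forward
                start += 1
            ports = {p for _, p in seen[start:end + 1]}
            best = max(best, ports, key=len)
        if len(best) >= min_ports:
            findings.append({"src": src, "dst": dst, "ports": sorted(best),
                             "proxy_probe": best <= PROXY_PORTS})
    return findings

if __name__ == "__main__":
    for finding in find_scans(SAMPLE.splitlines()):
        print(finding)
```

A finding with `proxy_probe` set is consistent with an open-proxy check rather than a general port sweep, which is the distinction the reply in this thread turns on.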