Is this being caused by our anonymous proxy test?
----- Forwarded message from Spam_Reports(a)city-guide.com -----
From: Spam_Reports(a)city-guide.com
Date: Tue, 6 Apr 2004 10:42:05 -0400
To: <JWALES(a)BOMIS.COM>
Subject: Abuse Reports ( Bomis Inc. / Wikimedia )
Dear Aleron Customer:
We have received a report regarding alleged violations of Aleron's Acceptable
Use Policy and Network Routing Policy. Both policies can be found at
http://aleron.com/info/aup.html and
http://operations.aleron.net/routingpolicy.html
respectively.
Aleron works closely with its customers to resolve situations as quickly
as possible. We request you take whatever measures you deem appropriate
which will ensure no further violations occur.
Aleron values its relationships with its customers and will work with
you in any way necessary to preserve that relationship. However, Aleron
is legally bound to enforce its AUP. If it is confirmed that abuses are
taking place, and we cannot elicit your cooperation in discontinuing the
abuse, Aleron may be forced to take drastic actions, which could
include filtering in/out traffic to the host, prefix-list modification whereby
removing the prefix - subnet rounded off to the smallest possible aggregate
and or termination of services.
Once this issue has been resolved please reply to this message, making
sure the reply goes to abuse(a)aleron.net and keeping the subject the same.
--------------------------------------------------------------------------------
Host: 207.142.131.231
Abuse: port scans, TCP - possibly probing for security exploits
Logging: (brief example logging on 4/6/2004 10:25 EDT is as follows)
Extended IP access list 133
permit tcp host 207.142.131.231 any eq www (229 matches)
permit tcp host 207.142.131.231 any eq 81 (153 matches)
permit tcp host 207.142.131.231 any eq 1080 (147 matches)
permit tcp host 207.142.131.231 any eq 3128 (146 matches)
permit tcp host 207.142.131.231 any eq 8080 (165 matches)
permit ip any any (99322044 matches)
Notes: Please investigate on your end. 1 complaint with logging is attached.
--------------------------------------------------------------------------------
Best regards,
Abuse Policy Notification
Aleron Broadband Services, LLC.
abuse(a)aleron.net
From: <abuse(a)deprotect.com>
Date: Tue, 6 Apr 2004 10:08:26 -0400
To: "Abuse" <abuse(a)aleron.com>
Subject: ABUSE 207.142.131.232 Abuse id: 80283
Hello,
We have detected a portscan from your IP subnet range against one of our clients DI
(Dagens Industri), please look at the attached information. This got triggered as the
remote system either scanned multiple hosts or a significant amount of ports on a single
host. We kindly ask you to investigate this and report back to us at your earliest
convenience.
Operator: Jonas H
Timezone:
GMT +01:00
SWEDEN
Log transcript:
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop
213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232;
s_port: 48767; dst: 213.134.99.34; service: 1080; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop
213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232;
s_port: 48768; dst: 213.134.99.34; service: 81; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop
213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232;
s_port: 48770; dst: 213.134.99.34; service: 80; proto: tcp; rule: 4;
2004-04-06 14:04:35 Apr 6 13:06:13 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop
213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232;
s_port: 48771; dst: 213.134.99.34; service: 8000; proto: tcp; rule: 4;
2004-04-06 14:04:37 Apr 6 13:06:15 root: [ID 702911 local0.info] 6Apr2004 13:06:13 drop
213.134.99.34 >hme0 useralert product: VPN-1 & FireWall-1; src: 207.142.131.232;
s_port: 48779; dst: 213.134.99.34; service: 3128; proto: tcp; rule: 4;
Regards
Security Operator
Deprotect AB
Upperudsv 4, 464 72 Haverud, Sweden
Tel. +46-(0)530 444 64
Fax. +46-(0)530 444 69
Mailto: abuse(a)deprotect.com
http://www.deprotect.com
This transmission is intended for the person to whom or the entity to which it is
addressed and may contain information that is privileged, confidential and exempt from
disclosure under applicable law. If you are not the intended recipent, please be notified
that any dissemination, distribution or copying is strictly prohibited. If you have
received this transmission in error, please notify us immediately. Thank you for your
cooperation.
----- End forwarded message -----