[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AS24940 Hetzner -- non-role contact wanted
Several telcos are working on a project to authenticate calls:
AT&T and Comcast have reportedly tested it between their networks.
On Tue, Apr 23, 2019 at 9:23 AM Kovich Greg <greg.kovich at al-enterprise.com>
> Hello Ronald,
> I did a quick search on LinkedIn and found a couple Hetzner internet
> companies - each had a couple employees listed that I could request a
> connection with.
> I love your passion about SPAM - I wish there was a way to stop all the
> VoIP Spoofing/Spammersâ?¦ I am certainly tired of hearing that this is the
> last time Iâ??ll be contacted about an extended car warranty, from a phone
> number that is not in service.
> Good luck - and thanks for trying to clean up some of the low-life trash.
> Greg Kovich
> Director, Global Education Sales
> Alcatel-Lucent Enterprise
> ALE USA
> 3015 Abby Lane | Suite 301-B
> Schererville, IN 46375
> t: +1-818-878-4667 m: +1-219-276-2320
> e: Greg.Kovich at al-enterprise.com <greg.kovich at al-enterprise.com> w:
> www.al-enterprise.com <https://www.al-enterprise.com/en>
> [image: LinkedIn]
> <https://www.linkedin.com/company/alcatellucententerprise> [image:
> Twitter] <https://twitter.com/aluenterprise> [image: YouTube]
> <https://www.youtube.com/user/EnterpriseALU> [image: Facebook]
> <https://www.facebook.com/ALUEnterprise> [image: Rainbow]
> The Alcatel-Lucent name and logo are trademarks of Nokia used under
> license by ALE.
> This communication is intended to be received only by the individual or
> entity to whom or to which it is addressed and may contain information that
> is privileged/confidential or subject to copyright. Any unauthorized use,
> copying, review or disclosure of this communication is strictly prohibited.
> If you have received this communication in error, please delete this
> message from your e-mail box and information system (including all files
> and documents attached) and notify the sender by reply email.
> On Apr 23, 2019, at 7:00 AM, nanog-request at nanog.org wrote:
> ** External email - Please consider with caution **
> Send NANOG mailing list submissions to
> nanog at nanog.org
> To subscribe or unsubscribe via the World Wide Web, visit
> or, via email, send a message with subject or body 'help' to
> nanog-request at nanog.org
> You can reach the person managing the list at
> nanog-owner at nanog.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of NANOG digest..."
> Today's Topics:
> 1. AS24940 Hetzner -- non-role contact wanted (Ronald F. Guilmette)
> Message: 1
> Date: Mon, 22 Apr 2019 21:28:20 -0700
> From: "Ronald F. Guilmette" <rfg at tristatelogic.com>
> To: nanog at nanog.org
> Subject: AS24940 Hetzner -- non-role contact wanted
> Message-ID: <23295.1555993700 at segfault.tristatelogic.com>
> Subtitle: Another Big Mess On Aisle Thirteen. Somebody Grab The Mop!
> Just over a month ago, I was here, doing what I always do, bitching
> and moaning about the low-life trash that is typically allowed to roam
> free and unfettered on the Internet:
> Shortly thereafter, it appeared that perhaps that effort on my part had
> not been a total waste of electrons. The extortion spams stopped, for
> awhile anyway, and it started to look like Digital Ocean had in fact
> kicked the perp's as the curb. So, you know, case closed, right? Well,
> not really. Once this kind of clown gets a taste for the easy money,
> it's hard to go back to actually washing dishes for a living again. So,
> you know, HE'S BACK.
> (And for those of you who may want to claim that I'm being sexist, and
> that I can't know for sure if it is a man or a woman behind this shit,
> I just have one word: No. Women don't do this shit. Perhaps they
> have more respect for their fellow humans, or whatever. But the reality
> is, of all the low-life scumbag spammers that I've ID'd over the past 20+
> years... and there have been plenty of them... 99,99% have been men.
> That's just a fact.)
> So anyway, based on the current evidence, it's looking like Digital
> Ocean -may- possibly have actually -tried- to kick this guy off their
> network, or maybe not. (See below.) It's possible that they just told
> him that they would be happy to keep on taking his money, but that he
> just shouldn't spam from their network anymore. I don't really have
> any way of knowing. They didn't tell me the crook's name, so who the
> hell knows?
> In any case, now it appears that this same specific spammer and con-man
> si now doing his extortion spamming 100% from AS24940 Hetzner. Here is
> a freshly updated list of all of his spam spewer FQDNs, and the IPv4
> addresses that all of them are pointed at right now:
> If and only if Digital Ocean (AS14061) really did kick this scumbag's
> ass to the curb... or if they at least tried to do so... then that
> eliminates all of the IP address shown in the above list that are
> prefixed with Digital Ocean's ASN (14061) from the ilst, at least as
> far as outbound spamming is concerned. That would leave us with only
> the AS24940 Hetzner IP addresses as current live spam spewers:
> (In case it isn't obvious, I do advise all parties not to accept any
> incoming email from any of the above listed IPs or domain names until
> this all gets cleaned up.)
> Meanwhile, I'd like to get hold of a (non-role) contact email address
> for any warm body at Hetzner who may actually give a shit about any of
> this. I understand that this may be a REAL big ask. I have been
> informed, just today, by a reliable source that fundamentally, Hetzner
> just doesn't do shit about spam reports sent their way.
> And anyway, why would they? Apparently, none of the other big hosting
> providers do anything but ignore the spam reports that are sent to them
> either. And just as Digital Ocean had done to me one month ago, when I had
> occasion to send Hetzner a report about some totally unrelated spam that
> I received, just today, from their network, about 30 seconds later I got
> back what can only be called an "ignore bot" automated email reply, telling
> me ... just as Digital Ocean has done to me previously... that while it
> was perfectly OK with them if their customers spammed my via the medium
> of email, that there was nontheless no frekin' way that THEY would
> any reports about that VIA EMAIL. So I was told to fill out some web form
> on the Hetzner web site, so that Hetzner staff could remain anonymous, and
> could anonymously receive that report, and then immediately and with all
> due haste dispatch it forthwith directly to /dev/null. Swell.
> So, you know, it may not do a bit of good, but I really would like to be
> able to find out for myself if Hetzner is just totally staffed by mindless
> robots, utterly lacking in compassion and empathy and also any sense of
> ethics, or if there is at least one live engineer there... someone with
> a name and a face and maybe ever a friend or relative who has been conned
> by one in this endless parade of unaccountable Internet fraudsters. I'd
> like to find out, in other words, if there is any warm body there who even
> gives a shit.
> So, if any fo you who are reading this happen to know any live humans at
> Hetzner, please do send me their contact info. I am most certainly
> *not* going to flll out Hetzner's dumb-ass watse-of-my-time web form just
> for the honor of informing THEM of THEIR freekin't problem child customer,
> especially guven the high probability that my attempt to report this to
> them will go straight to the but bucket.
> I actually don't mind lending a hand to help mega providers like this to
> clean their own toilets. I do mind however when they go out of their way
> to make it harder and more tedious and time consuming for me to do that.
> In fact it would be nice if this entire industry would get its collective
> head out of its collective ass, recognize that it has an ongoing problem
> with Bad Actors acquiring "hosting" resources, and figure out a way to
> deal with that that DOESN'T just involve taking the money and looking
> the other way, and routinely ignoring all abuse reports. (Ther smaller
> providers actually deal with this problem much better than the bigger ones.
> THEY as least are not cowed into utter silence by paranoid and
> corporate counsel. So they can and do let one another know when a Bad
> is out there, roaming the streets, looking for hosting companies to use and
> abuse. Just search webhostingtalk.com for mentions of "PredictLabs" and
> you can see for yourselves. This isn't anti-trust. This is
> which is different, even if a lot of corporate counsel are just too effing
> stoopid to grasp the important differences between Standard Oil in the year
> 1900 and a modern Neighborhood Watch group.)
> Anyway, to return to today's Bad Actor de jure, although it is looking
> like he is graciously confining his outbound spamming to just AS24940,
> i.e. Hetzner at the moment, it's apparent that he plans to be around for
> awhile, even in the unlikely even that anybody at Hetzner should notice
> what he is doing -or- elect to give a shit about it. So he's done what
> any Internet user seeking survivability does... he has distributed his
> name servers over several different networks. Specifically here they
> all are:
> 126.96.36.199 ns1.eatshit.xyz
> 188.8.131.52 ns1.epicdns.xyz
> 184.108.40.206 ns1.suck-me.xyz
> 220.127.116.11 ns1.suckmycock.online
> 18.104.22.168 ns1.privatedns.top
> 22.214.171.124 ns1.younoob.life
> 126.96.36.199 ns1.gmail-dns.com
> 188.8.131.52 ns1.privatedns.rocks
> 184.108.40.206 ns1.mynameservers.org
> 220.127.116.11 ns1.fuckdns.org
> (The ns2. name server in all of these cases is on the same IPv4 address
> with the ns1. server.)
> So, even though this guy is likely only spamming from Hetzner at present,
> he's got his name servers well distributed, as you can see above. Those
> name server are scattered around on all ofthe following networks (in
> numerical order):
> AS3842 US RamNode LLC
> AS8100 US QuadraNet Enterprises LLC
> AS14061 US DigitalOcean, LLC
> AS20473 US Choopa, LLC
> AS47583 CY Hostinger International Limited
> AS51852 PA Private Layer INC
> AS54290 US Hostwinds LLC.
> AS58329 DE easystores GmbH
> AS62370 NL Snel.com B.V.
> AS197071 DE Dennis Rainer Warnholz trading as active-servers.com
> I would consider it a good day's work if I could get people here on this
> lest to help me to get some of these name server turned off, and the
> associated accounts canceled, but I'm probably hoping for too much.
> Still, I have to ask. Please help if you can. I spent several hours
> working on this case today. maybe the rest of you could pictch in just
> long enough to send polite email to one or more of the above networks,
> just to let them know that they have a problem child as a customer
> (at the exact addresses listed above). You can send them also a link
> to this posting in teh NANOG archives also if you like. I don't know
> if that would help or hurt, but it is worth a try.
> Anyway, "takedowns" shouldn't only be for botnets. When the Internet
> does... as it frequently does these days... get this kind of exceptionally
> annoying AND exceptionally criminal professional spammer, it would be
> kind of nice if there were some way to get his ass totally turfed from
> the whole Internet. That seems to have happened in the case of Bitcanal...
> with a lot of help from a lot of concerned netizens. Why should a case
> like this be any different? This guy needs to be gone. I'm perfectly
> OK with me repeatedly -finding- all of his shit, and then reporting it
> here or elsewhere. (It takes -me- less effort to find it that it takes
> -him- to set it all up.) The missing part of the puzzle is action, by
> the relevant providers.
> So, please help me to do a full takedown on this guy. Please.
> Thanks for listening.
> P.S. I do hope that everyone will have noticed that Digital Ocean is
> listed above as being among the set of providers that are giving service
> to one of this dickhead's name servers. I'll give them the benefit of
> the doubt and try to believe that they really did fully kick this guy
> to the curb last month, not long after I bitched about him here. Even
> if that's the case however, he has clearly managed to sneak back on to
> Digital Ocean's network.
> So, obvious question: Whose fault is that?
> About ten years ago I had my one and only European Vacation. I was shocked
> when, in France, I went to buy a cheap cell phone that would work on French
> networks and they ASKED ME FOR MY PASSPORT. It wasn't a problem. It just
> seemed weird because I was unaccustomed to this extra level of security.
> So, I have to ask: Why does one need to demonstrate one's identity to a
> greater degree if one buys a simple cell phone, as opposed to, say, buying
> a hosting account, late on a Friday, after which you may immediately start
> spamming and then spam one's brains out, to all seven billion people on
> planet if desired, before the regular staff at the hosting company even
> back in to work on Monday morning?
> If there's a universe in which this all makes sense, then all I can say is
> that I personally am not in that one.
> End of NANOG Digest, Vol 135, Issue 21
-------------- next part --------------
An HTML attachment was scrubbed...