Hey Mike,
thank you for your support.
On Sat, Mar 19, 2011 at 06:16:45PM -0700, Mike Perry wrote:
> It is quite possible that lunatics like these will just make up abuse reports and send them to ISPs that look like they might cave. It is very interesting that our higher bandwidth exits that *do* exit to IRC are not hearing from them right now.
I still don't understand why they report an IRC bot if the target port is port 80.
> What is their network topology like? Do they cycle through their honeypots?
I don't know. How could we find out?
> iptables is especially bad if you have the situation where what was once a honeypot one week turns into a legitimate server the next. OTOH, exit policy is bad if you end up with a ton of entries in it...
Yes, I agree. Up to now it's only the 8 IPs that Damian obtained from robtex. I block them both via exit policy and iptables (just to be sure...)
> This may be an issue. If the zealots believe that they can intimidate your ISP to knock you offline, they may keep sending nonsense reports to do so, declaring victory that one more tor node bites the dust... Not sure what to tell you about this. If they succeed, perhaps it's just new ISP time?
I think the larger problem then is that "one more ISP bites the dust".
Let's see what happens.
regards
Alex