Watch For This Ip! Bandwidth Sucker

[Trekkie101 0]

My site was recently attacked by an IP, it sucked a rather large ammount of bandwidth in a short time, just so you all know, and you can block it already.

http://forums.xisto.com/no_longer_exists/ Has more details,

If you wish to ban it from your site, cPanel -> IP Deny Manager -> Add 65.19.150.251

If you have also noticed bandwidth jumps, awstats has the details, check that and it should give you some IP's, if you notice 65.19.150.251 then please tell us here.

I believe the Asta admins are also checking the server logs and perhaps taking action to block this IP from the server.

[warbird1405241485 0]

Thanks for the warning Trekkie. I blocked it immediately so it can't cause any damage. I hope it will not attack the Xisto servers because I'm gonna kill him for that -=jeroen=-

[Deleted Member 6808 0]

thanks for the tip!

[Spl1teR 0]

Thanks for the warning Trekkie !! I blocked it right now so it can't make any damage. I hope the idiot that do this have more ip's ! if, i Will kill him

[Trekkie101 0]

After banning the IP, my bandiwdth use has dropped a lot. Although, im still at 7% of my limit and its only the 4th!but thats due to a recent surge of images on my forum, im sure ill manage the month.

[runefantasy 0]

Why don't you try emailing their tech support and tell them the user at 65.19.150.251 was doing it? their email is hostmaster@he.net

[Trekkie101 0]

We already dicussed that route, it seems thats fake information the whois.s

[cyborgxxi 0]

Thanks for the warning! :PBut someone tell me, is this an illegal action? Sucking bandwidth? I mean, it's just wasting something of someone that they really need and you don't even care about the damage you have done. That should receive a punishment... at least.Banning an IP address is one punishment but wow... just sucking up someone's bandwidth!! Is it possible to track this IP and inform this to its Internet Service Provider company? I'm sure they will do something about it...

[Klass 0]

this looks to be the ISP

NeoTrace Trace  Version 3.25  ResultsTarget: 65.19.150.251
Date: 8/11/2005 (Thursday), 12:17:53 PM
Nodes: 16


Node Data
Node Net Reg IP Address      Location            Node Name
  13  1  1 64.200.139.154  Los Angeles        lsanca3lcx1-hurricane-gige.wcg.net


Packet Data
Node High Low  Avg  Tot  Lost
  13  100  100  100    1    0


Network Data
Network id#: 1

OrgName:    Williams Communications, Incorporated
OrgID:      WLCO
Address:    One Williams Center
City:      Tulsa
StateProv:  OK
PostalCode: 74172
Country:    US

NetRange:  64.200.0.0 - 64.200.255.255
CIDR:      64.200.0.0/16
NetName:    WCG-BLK-1
NetHandle:  NET-64-200-0-0-1
Parent:    NET-64-0-0-0-0
NetType:    Direct Allocation
NameServer: STLDNS1.WCG.NET
NameServer: TULDNS1.WCG.NET
Comment:    TO REPORT ABUSE, PLEASE CONTACT : ABUSE@WCG.NET
RegDate:    2000-03-21
Updated:    2002-11-06

TechHandle: CS1473-ARIN
TechName:  Smith, Cindy
TechPhone:  +1-314-595-6081
TechEmail:  cindy.k.smith@wiltel.com

TechHandle: TFR1-ARIN
TechName:  Friese, Todd
TechPhone:  +1-314-595-6093
TechEmail:  todd.friese@wcg.com

OrgTechHandle: CS1473-ARIN
OrgTechName:  Smith, Cindy
OrgTechPhone:  +1-314-595-6081
OrgTechEmail:  cindy.k.smith@wiltel.com

  ARIN WHOIS database, last updated 2005-06-23 19:10


Registrant Data
Registrant id#: 1
NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS
database through the use of high-volume, automated, electronic processes. The
Data in Network Solutions' WHOIS database is provided by Network Solutions for information
purposes only, and to assist persons in obtaining information about or related
to a domain name registration record. Network Solutions does not guarantee its accuracy.
By submitting a WHOIS query, you agree to abide by the following terms of use:
You agree that you may use this Data only for lawful purposes and that under no
circumstances will you use this Data to: (1) allow, enable, or otherwise support
the transmission of mass unsolicited, commercial advertising or solicitations
via e-mail, telephone, or facsimile; or (2) enable high volume, automated,
electronic processes that apply to Network Solutions (or its computer systems). The
compilation, repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of Network Solutions. You agree not to use
high-volume, automated, electronic processes to access or query the WHOIS
database. Network Solutions reserves the right to terminate your access to the WHOIS
database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this policy.
Network Solutions reserves the right to modify these terms at any time.


Registrant:
Williams Communications Group
  111 E. 1st ST.
  Tulsa, OK 74103-2808
  US

  Domain Name: WCG.NET

  Administrative Contact:
      Center, Network Operations  noc@wcg.net
      Wiltel Communications
      3180 Rider Trail South
      Bridgeton, MO 63045
      US
      800-934-8434

  Technical Contact:
      Center, Network Operations  noc@wcg.net
      Wiltel Communications
      3180 Rider Trail South
      Bridgeton, MO 63045
      US
      800-934-8434

  Record expires on 12-Feb-2006.
  Record created on 11-Feb-1997.
  Database last updated on 24-Jun-2005 15:22:18 EDT.

  Domain servers in listed order:

  STLDNS1.WCG.NET              64.200.241.28
_____
NeoTrace Copyright Š1997-2001 NeoWorx Inc

and the offending company:

NeoTrace Trace  Version 3.25  ResultsTarget: 65.19.150.251
Date: 8/11/2005 (Thursday), 12:19:06 PM
Nodes: 16


Node Data
Node Net Reg IP Address      Location            Node Name
  14  1  1 65.19.129.1    Sunnyvale          pos3-2.gsr12416.pao.he.net


Packet Data
Node High Low  Avg  Tot  Lost
  14  99  99  99    1    0


Network Data
Network id#: 1

OrgName:    Hurricane Electric
OrgID:      HURC
Address:    760 Mission Court
City:      Fremont
StateProv:  CA
PostalCode: 94539
Country:    US

NetRange:  65.19.128.0 - 65.19.191.255
CIDR:      65.19.128.0/18
NetName:    HURRICANE-4
NetHandle:  NET-65-19-128-0-1
Parent:    NET-65-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.HE.NET
NameServer: NS2.HE.NET
NameServer: NS3.HE.NET
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2002-04-17
Updated:    2003-10-09

TechHandle: ZH17-ARIN
TechName:  Hurricane Electric
TechPhone:  +1-510-580-4100
TechEmail:  hostmaster@he.net

OrgTechHandle: ZH17-ARIN
OrgTechName:  Hurricane Electric
OrgTechPhone:  +1-510-580-4100
OrgTechEmail:  hostmaster@he.net

  ARIN WHOIS database, last updated 2005-08-10 19:10


Registrant Data
Registrant id#: 1
NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS
database through the use of high-volume, automated, electronic processes. The
Data in Network Solutions' WHOIS database is provided by Network Solutions for information
purposes only, and to assist persons in obtaining information about or related
to a domain name registration record. Network Solutions does not guarantee its accuracy.
By submitting a WHOIS query, you agree to abide by the following terms of use:
You agree that you may use this Data only for lawful purposes and that under no
circumstances will you use this Data to: (1) allow, enable, or otherwise support
the transmission of mass unsolicited, commercial advertising or solicitations
via e-mail, telephone, or facsimile; or (2) enable high volume, automated,
electronic processes that apply to Network Solutions (or its computer systems). The
compilation, repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of Network Solutions. You agree not to use
high-volume, automated, electronic processes to access or query the WHOIS
database. Network Solutions reserves the right to terminate your access to the WHOIS
database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this policy.
Network Solutions reserves the right to modify these terms at any time.


Registrant:
Hurricane, Electric
  Hurricane Electric Hostmaster
  Hurricane Electric
  760 Mission Court
  Fremont, CA 94539
  US

  Domain Name: HE.NET

  Administrative Contact, Technical Contact:
      Hurricane Electric  hostmaster@he.net
      Hurricane Electric
      760 Mission Court
      Fremont, CA 94539
      US
      510 580 4100 fax: 510 580 4151

  Record expires on 30-Jul-2011.
  Record created on 31-Jul-1995.
  Database last updated on 11-Aug-2005 12:07:37 EDT.

  Domain servers in listed order:

  NS1.HE.NET                  216.218.130.2
  NS2.HE.NET                  216.218.131.2
_____
NeoTrace Copyright Š1997-2001 NeoWorx Inc

[cyph3r 0]

Thankx for the info m8 .. But i really dont understand the idea of blocking an IP ? i mean agreed if its from a source like DSL .. but what if sumone does this tru a modem ? his IP keeps on changing and its kinda impossible for him to be tracked .. besides if the service provider has logged his IP in their servers .. isnt it obvious that the IP would have expired .. ?I mean that in some countries they really dont log IPs .. and if they do they just log it with time .. keeping a log with user ID inclusive is something all ISP should do i guess .. Newayz i blocked this IP .. and thankx for the info once again .. if anything comes up .. please update us Cheers ...

[Klass 0]

How would a dialup user suck up your bandwidth?They can only do 56kbps and that is on a sunny day no rain clouds or ants or moles to interfere and hoping the copper wire is somewhat good and not rusted, corrodied, or cracking.at the least they could suck 48kbpbs from you but that will not even do a scratch to your bandwidth.The bandwidth suckers are DSL, Cable, T1's+Most likly it is a T1 user since the IP is coming from a company and not an ISP

[rantsh 0]

Thankx for the info m8 ..

 

But i really dont understand the idea of blocking an IP ? i mean agreed if its from a source like DSL .. but what if sumone does this tru a modem ? his IP keeps on changing and its kinda impossible for him to be tracked .. besides if the service provider has logged his IP in their servers .. isnt it obvious that the IP would have expired .. ?

 

I mean that in some countries they really dont log IPs .. and if they do they just log it with time .. keeping a log with user ID inclusive is something all ISP should do i guess ..

 

Newayz i blocked this IP .. and thankx for the info once again .. if anything comes up .. please update us

 

Cheers ...

<{POST_SNAPBACK}>

well just to let you know Hurricane Electric is a hosting service, and thus, this is a fixed IP, I know because I used to work for a company that had business with them.

 

Now what I can't understand is what is the purpouse of sucking someone elses bandwith ?.? I mean, I don't think they were exchangin files with you or anything, if anyone knows please illustrate me

[ur2eatmeat 0]

thanks for the warning...More people should Give warning out.. not just for IPs...but for Things like certain e-mails.. Or links..

[iGuest 3]

Dude, why are you so pissed off about bandwidth? If someone cared enough about hypothetic site and read it often, I would be flattered. Do you know what a website is for? The sole purpose of a website is to share and exchange information - not so you would have a site to call your own. I am shocked and appalled that you would call yourself a webmaster. "Please don't hate me, I'm only protecting your bandwidth!" Bandwidth, my *bottom*! If you can make 2,000 people go to your site regularly and actually care about what you have to say, then that's a cause for celebration. But no, you only care about the most USELESS, pathetic thing, bandwidth. Your site is like your fingernail, I mean, your face is dirty, your *bottom* has a bit of crap that needs wiping, but as long as your fingernail is clean, you think people will believe you're a really neat person. Now there's some food for thought about superficiality...