[Noisebridge-discuss] FBI stopped by and said Hi and that there was a cyber threat from noisebridge, Feb. 21 2012 around 9pm

Jonathan Lassoff jof at thejof.com
Mon Feb 27 02:43:05 UTC 2012


On Sun, Feb 26, 2012 at 6:25 PM, Andy Isaacson <adi at hexapodia.org> wrote:
> The problem is, we want to convey the following:
>
> 1. email admin at noisetor.net for issues with these IPs.
> 2. call $PHONENUMBER if that's not fast enough.
> 3. If you *must* go somewhere here's our Market St address.
>
> We've had two contacts so far where the results have been:
>
> 1. they email our upstream rather than us, delaying the response.
> 2. they call a different number.
> 3. they come to 2169 for issues about noisetor.
>
> I agree, clarification may be in order.  Anybody care to look at the
> whois info on 173.254.216.66 aka exit-01a.noisetor.net and let us know
> how to make it clearer?

Well, FWIW, the whois record being served from ARIN lists an address
being 2169 which somewhat contradicts #3 above.

Perhaps much of what they do is automated parsing of this data, and
they just go for whichever immediately-subordinate organization from
ARIN is listed for the space.

It looks like 173.254.216.64/27 is SWIP'ed in WHOIS from "Quadranet",
based in LA.

Perhaps contact them and have them add information in WHOIS for this
SWIPed subnet?
You're allowed to add a comments field.

I like what EC2 lists for dynamic space of theirs:
http://whois.arin.net/rest/net/NET-50-16-0-0-1/
It tells you what information one would need to track down users, if
someone is going to compel the divulsion of it.



More information about the Noisebridge-discuss mailing list