[RIPE Atlas Ambassadors] Notification for unauthorized access from 176.219.104.1

Hello,

I'm quite surprised that this mailing list showed up in any database as
being responsible in any way for IP addresses.

Clarification on why the IP, and the name of RIPE Atlas may have
appeared on the radar in the first place: RIPE Atlas is constantly doing
"topology measurements" [1], meaning it traceroutes to various targets
over time [2]. If the IP mentioned below appeared in this list, it was
tracerouted to by one or more RIPE Atlas probes.

I believe the best course of action, if you suspect ill behaviour from
that particular IP, is to contact the correct abuse address mentioned by
others in this thread.

Regards,
Robert


[1] see https://atlas.ripe.net/docs/built-in/ measurements 5051, 5151,
6052, 6152
[2] the list contains basically the ".1" of all routed prefixes seen in
BGP. The host name topology4.dyndns.atlas.ripe.net resolves to these IPs
in a round-robin fashion.


On 2020-01-14 12:47, saito-miori-ck at ynu.jp wrote:
> Hello,
> 
>  
> 
> We are researchers from Japan working on cyber security
> 
> at Yokohama National University.
> 
>  
> 
> Our current research project aims to inform parties
> 
> who may be relevant to unauthorized accesses that our
> 
> monitoring system (honeypot) have observed.
> 
>  
> 
>  
> 
> --- Observed Unauthorized Access ---
> 
> Date and time: 2020-01-01 22:12:43.657569 UTC
> 
> Observed IP address: 176.219.104.1
> 
> Observed activity: Telnet login attempt
> 
>  
> 
>  
> 
> --- How we obtained your contact point ---
> 
> 1) We first obtained domain topology4.dyndns.atlas.ripe.net. resolved
> from the
> 
> observed IP address 176.219.104.1 by using passive DNS Database,
> 
> DNSDB (https://www.dnsdb.info/).
> 
> 2) We then searched the domain ripe.net in the Email address
> 
> database (https://hunter.io/search) and obtained this Email address.
> 
>  
> 
>  
> 
> For evaluating the validity of this contact point,
> 
> it would be great if you could help our study by
> 
> answering the questions on our web page or by sending Email to us.
> 
>  
> 
> - On Web page
> 
> Please access to our web page
> 
> (https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html)
> 
> and answer questions.
> 
>  
> 
> - By Email
> 
> Please send your answers to the following questions to
> 
> ynugr-notify at ynu.ac.jp
> 
> with your Notification ID: BuzDNF
> 
>  
> 
>  
> 
> [Questions]
> 
>  
> 
> Notification ID: BuzDNF
> 
>  
> 
> Q1. Do you think you are relevant parties of the IP addresses
> 
> that we have observed unauthorized access from?
> 
>  
> 
> a) Relevant
> 
> b) NOT relevant
> 
> c) Don't know
> 
>  
> 
> Q2. Do you want to receive notification from us if we observe
> 
> more unauthorized access from this IP address in the future?
> 
>  
> 
> a) Yes
> 
> b) No
> 
>  
> 
>  
> 
> --- More Detail Information ---
> 
> If you need further information or if you have any other questions,
> 
> please contact us ynugr-notify at ynu.ac.jp.
> 
>  
> 
> Best regards,
> 
>  
> 
> Security Notification Research Team, Yoshioka Lab
> 
> Research Center for Information and Physical Security
> 
> Yokohama National University, Japan
> 
> Email: ynugr-notify at ynu.ac.jp
> 
> URL: https://ipsr.ynu.ac.jp/notification/BuzDNF/index.html
> 
> 
> _______________________________________________
> RIPE-Atlas-Ambassadors mailing list
> RIPE-Atlas-Ambassadors at ripe.net
> https://mailman.ripe.net/
>