  1. #1
    Join Date
    Feb 2004
    Posts
    491

    peg tech is a darknet? massive bandwidth suck

    Just a heads-up: you may want to block peg tech

    Sucking huge amounts of bandwidth from our servers from all over their IP ranges. Not sure how these guys aren't in jail since they are in the USA.

    Cannot find a single good thing about them in any database.

    http://whois.arin.net/rest/org/PT-82
    http://whois.arin.net/rest/org/PT-82/nets

    192.74.224.0/19
    199.180.100.0/22
    199.188.104.0/21
    142.4.96.0/19
    142.0.128.0/20
    198.200.32.0/19

    Peg Tech Inc. San Jose, CA.
    Active officers include Feng Yan.
    Peg Tech Inc. filed as a Articles of Incorporation on Tuesday, March 20, 2012 in the state of California

    Filings: Articles of Incorporation (CA - Active)
    State of Record: CA
    State Reference ID: 03452099
    File Date: Tuesday, March 20, 2012

  2. #2
    Join Date
    May 2005
    Location
    Washington State
    Posts
    6

    Peg Tech today

    Your link from ARIN shows more nets; list now is

    PT-82-5 (NET-192-74-224-0-1) 192.74.224.0 - 192.74.255.255
    PT-82-2 (NET-199-180-100-0-1) 199.180.100.0 - 199.180.103.255
    PT-82-1 (NET-199-188-104-0-1) 199.188.104.0 - 199.188.111.255
    PT-82-4 (NET-142-4-96-0-1) 142.4.96.0 - 142.4.127.255
    PT-82-3 (NET-142-0-128-0-1) 142.0.128.0 - 142.0.143.255
    PT-82-6 (NET-198-200-32-0-1) 198.200.32.0 - 198.200.63.255
    PT-82-7 (NET-198-2-192-0-1) 198.2.192.0 - 198.2.255.255
    PT-82-8 (NET-137-175-0-0-1) 137.175.0.0 - 137.175.127.255

  3. #3
    Join Date
    Feb 2004
    Posts
    491
    Thanks for the alert.

    Sheesh someone gave them half a b-block.

    Adding 137.175.0.0/17
    and 198.2.192.0/18

  4. #4
    Join Date
    May 2005
    Location
    Washington State
    Posts
    6

    So how does one block Peg Tech Inc best?

    Quote Originally Posted by GuyRCook View Post
    Your link from ARIN shows more nets; list now is

    PT-82-5 (NET-192-74-224-0-1) 192.74.224.0 - 192.74.255.255
    PT-82-2 (NET-199-180-100-0-1) 199.180.100.0 - 199.180.103.255
    PT-82-1 (NET-199-188-104-0-1) 199.188.104.0 - 199.188.111.255
    PT-82-4 (NET-142-4-96-0-1) 142.4.96.0 - 142.4.127.255
    PT-82-3 (NET-142-0-128-0-1) 142.0.128.0 - 142.0.143.255
    PT-82-6 (NET-198-200-32-0-1) 198.200.32.0 - 198.200.63.255
    PT-82-7 (NET-198-2-192-0-1) 198.2.192.0 - 198.2.255.255
    PT-82-8 (NET-137-175-0-0-1) 137.175.0.0 - 137.175.127.255
    We know their addresses and since the government won't address it as a problem, how do we block them?

  5. #5
    Join Date
    Feb 2004
    Posts
    491
    Quote Originally Posted by GuyRCook View Post
    We know their addresses and since the government won't address it as a problem, how do we block them?
    If it's beyond your skill, you need to ask your host to install a firewall on your server like http://configserver.com/cp/csf.html and add the CIDR list that I posted to its blocklist.

  6. #6
    Thanks for the heads up.

  7. #7
    I finally managed to get mod_security and our apps to play nice (i.e. very few false positives, and no apparent blocking of legitimate requests) and I encountered Peg Tech and thus this forum thread.

    My understanding is that Peg Tech operates a proxy in the USA for various Chinese users, one of which found a particular liking to a single URL on one of our sites for their SQL attack script.

    Here are Whois lookups of some of the IPs that were triggering mod_security with various SQL injection attacks.

    198.2.213.68, 198.2.213.100, 198.2.213.137 China Beijing China Outcom-urhosts.net
    192.74.239.52 United States San Jose Xs
    142.4.118.19 United States San Jose Anxin
    192.74.228.106 United States San Jose Jitesi
    192.74.239.102 United States San Jose China Outcom-urhosts.net
    108.186.5.129 China Outcom-urhosts.net
    108.186.6.17 China Outcom-urhosts.net
    108.186.5.81 AS54600 PEGTECHINC - PEG TECH INC (registered Apr 03, 2012)
    142.0.132.180 United States San Jose Vpsbus
    58.55.127.238 China Wuhan Chinanet Hubei Province Network <-- this one is not Peg Tech, but same attack vector is used and the same obscure URL is targeted - perhaps their script failed to connect to Peg Tech? :-)

    Who is the best organization to contact with regard to sanctioning or blocking of all of Peg Tech due to various violations?

  8. #8
    ...and here is what appears to be powering them - as a noob I of course cannot link...Insert dots where appropriate.

    www raksmart com

    Looks formidable... and legitimate, however they do seem to attract bad users and are evidently very lax about enforcing any usage guidelines that they may have, unless they go something like "Hack, spam, do it."

  9. #9
    Just banned their ranges today, tons of requests hitting wp-login.php - as mentioned above, looks like they're providing proxy service for malicious activities.
    NMSERVERS - managed hosting, administration, performance analysis and system security services

  10. #10

    Brute Force Attacks

    This is my number one blocked IP for brute force attacks

  11. #11
    Join Date
    Feb 2004
    Posts
    491
    someone just keeps giving these clowns new routes

    latest

    PT-82-1 (NET-199-188-104-0-1) 199.188.104.0 - 199.188.111.255
    PT-82-2 (NET-199-180-100-0-1) 199.180.100.0 - 199.180.103.255
    PT-82-3 (NET-142-0-128-0-1) 142.0.128.0 - 142.0.143.255
    PT-82-4 (NET-142-4-96-0-1) 142.4.96.0 - 142.4.127.255
    PT-82-5 (NET-192-74-224-0-1) 192.74.224.0 - 192.74.255.255
    PT-82-6 (NET-198-200-32-0-1) 198.200.32.0 - 198.200.63.255
    PT-82-7 (NET-198-2-192-0-1) 198.2.192.0 - 198.2.255.255
    PT-82-8 (NET-137-175-0-0-1) 137.175.0.0 - 137.175.127.255
    PT-82-9 (NET-108-186-0-0-1) 108.186.0.0 - 108.186.255.255

    CIDR list:

    199.188.104.0/21
    199.180.100.0/22
    142.0.128.0/20
    142.4.96.0/19
    192.74.224.0/19
    198.200.32.0/19
    198.2.192.0/18
    137.175.0.0/17
    108.186.0.0/16

    even when they go under someday, these ranges are going to be toxic for years
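
Added example, not written by any poster in this thread: the posts above turn ARIN "first - last" ranges into CIDR blocks by hand before adding them to a firewall deny list. This Python code does that conversion and counts access-log hits per resulting block; the listing, log lines and function names are constructed for illustration and use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of the ARIN network listing quoted in the
# thread; handles and addresses are documentation ranges, not real data.
ARIN_LISTING = """\
EX-1-1 (NET-198-51-100-0-1) 198.51.100.0 - 198.51.100.127
EX-1-2 (NET-198-51-100-128-1) 198.51.100.128 - 198.51.100.255
EX-1-3 (NET-203-0-113-0-1) 203.0.113.0 - 203.0.113.63
EX-1-4 (NET-192-0-2-16-1) 192.0.2.16 - 192.0.2.47
"""

# Constructed access-log lines (common log format, client address first).
ACCESS_LOG = """\
198.51.100.77 - - [01/Jan/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1432
198.51.100.200 - - [01/Jan/2014:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1432
192.0.2.40 - - [01/Jan/2014:10:00:03 +0000] "GET /item.php?id=1 HTTP/1.1" 403 210
192.0.2.5 - - [01/Jan/2014:10:00:04 +0000] "GET / HTTP/1.1" 200 5120
not-an-address - - [01/Jan/2014:10:00:05 +0000] "GET / HTTP/1.1" 400 0
"""

RANGE_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s*$")

def ranges_to_cidrs(listing):
    """Turn 'first - last' lines into CIDR blocks. A range that is not
    aligned to a power of two becomes several blocks."""
    nets = []
    for line in listing.splitlines():
        m = RANGE_RE.search(line)
        if not m:
            continue  # skip headers and blank lines
        first, last = (ipaddress.IPv4Address(a) for a in m.groups())
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))  # merge adjacent blocks

def hits_per_cidr(log_text, cidrs):
    """Count log lines whose client address falls inside each blocked CIDR."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            client = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:
            continue  # first field is not an IP address
        hits.update(str(net) for net in cidrs if client in net)
    return hits

if __name__ == "__main__":
    cidrs = ranges_to_cidrs(ARIN_LISTING)
    print("\n".join(str(n) for n in cidrs))  # one CIDR per line for a deny list
    print(dict(hits_per_cidr(ACCESS_LOG, cidrs)))
```

Checking hits per block before and after a deny rule goes in shows whether the rule is actually matching the traffic it was meant for.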

  12. #12
    Quote Originally Posted by GuyRCook View Post
    We know their addresses and since the government won't address it as a problem, how do we block them?
    the government? I think you mean the authorities...

  13. #13

    peg tech

    Has anybody communicated with these guys? I've denied around 30 ip addresses in the past 2 weeks.

  14. #14
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by cborgers View Post
    Has anybody communicated with these guys? I've denied around 30 ip addresses in the past 2 weeks.
    The only communication these guys need are a bat to the back of the head in a dark alley.

    Nothing but spam originates from their network and for shame on the transit providers who haven't cut them off yet!

  15. #15

    wrong peg tech

    I googled peg tech and came up with pegtech.com, which is the wrong company. I didn't realize it and wrote them about the crawlers and scrapers. They wrote back quickly. Here is what they wrote.

    We are aware of it and it is not us. More information can be found at:

    pegtech.com/component/content/article/2-uncategorised/30-spam-from-peg-tech-inc


    Then they wrote me another email saying:

    I am sorry that you are having problems with this spammer situation. Please be assured that we are working on it from our end, trying to get law enforcement to handle it, but you know how that is...

    Regards,
    Jason Cecchettini
    President
    Pegasus Technologies, Inc.
