Security Incidents mailing list archives
Re: How to cope with, uhm, "mentally challenged" abuse personnel?
From: Blake Frantz <blake () MC NET>
Date: Sat, 3 Mar 2001 15:07:43 -0600
Hello,

I have experienced a similar situation with UU.net. A UU.net *router* was trying to communicate with one of our core routers via TCP on a wide range of arbitrary ports. When asked, UU.net responded with "The type of internet traffic you describe appears to be of normal origin." and referred me to RFC 792 (ICMP) - I almost fell off my chair.

Nonetheless, after we received their response the activity stopped. Perhaps this is the same in your case: a first level abuse manager sends out a generic email to pacify would-be admins and escalates the incident.

Just a thought.

Blake

=================================================================
The Government, like diapers, should be replaced regularly, and often for the same reasons.

On Sat, 3 Mar 2001, Ralf G. R. Bergs wrote:
Hi there,

I have to report about 1 incident per day that is caused by IP addresses assigned to UUnet. Mostly it's sweeps across our whole class C, sometimes ICMP, sometimes even scans for 111/UDP.

NONE of our LAN IPs EVER leave our LAN, since although they're IPs officially assigned to us I masquerade (NAT) them at our router.

The usual answer I receive from UUnet is the following:

"The type of internet traffic you describe appears to be of normal origin."

As I explained above NONE of our LAN IPs ever can be seen outside of our LAN, so HOW ON EARTH should this be "of normal origin???"

Frankly I'm fed up with this kind of reply. I don't know whether it's just that the abuse personnel simply is underqualified for their job, or whether it's that they simply can't cope with the growing number of incidents caused by their customers, but I don't feel like accepting this kind of ignorance.

Any suggestions what I should do? If UUnet's personnel doesn't get their act together I could be forced to completely black-hole their respective subnets in our router.

Thanks,

Ralf

--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/         The  Choice     /V\
                                            of a  GNU      /( )\
                                            Generation     ^^-^^