Security Incidents mailing list archives
Re: How to cope with, uhm, "mentally challenged" abuse personnel?
From: Gary Maltzen <maltzen () MM COM>
Date: Sun, 4 Mar 2001 16:12:07 -0600
Could it be something about the way you report the incidents? In my initial report (to abuse-noverbose () uu net), I usually include a brief statement about why the activity I am reporting seems abnormal, even if "obvious". I typically report sweeps of our address space and other obvious exploit attempts. A typical response from UU NET is appended to this message.
I have to report about 1 incident per day that is caused by ip addresses assigned to UUnet. Mostly it's sweeps across our whole class C, sometimes ICMP, sometimes even scans for 111/UDP. NONE of our LAN IPs EVER leave our LAN, since altho they're IPs officially assigned to us I masquerade (NAT) them at our router. The usual answer I receive from UUnet is the following: "The type of internet traffic you describe appears to be of normal origin." As I explained above NONE of our LAN IPs ever can be seen outside of our LAN, so HOW ON EARTH should this be "of normal origin???" Frankly I'm fed up with this kind of replies. I don't know whether it's just that the abuse personnel simply is underqualified for their job, or whether it's they simply can't cope with the growing number of incidents caused by their customers, but I don't feel like accepting this kind of ignorance. Any suggestions what I should do? If UUnet's personnel doesn't get their act together I could be forced to completely black-hole their respective subnets in our router.
-------- UU NET response to one of my scanning reports --------- Dear Complainant(s): This is a follow-up message from the UUNET Internet Abuse Investigations Department to let you know the security incident referenced in the subject line above was researched and handled according to UUNET`s Service Agreement with its customers. If you wish to pursue legal action against this user, please have the authorities contact us for information on where to send a subpoena. If you incur additional security incidents that you believe orginate from a UUNET customer, please report them as seperate incidents to the appropriate email address below. Unless you wish to pursue further action, we will close this incident, but it can be re-opened at any time by replying to this email or referring to the ticket# above when calling UUNET Security Support. Sincerely, UUNET Internet Abuse Investigations Team 1-800-900-0241 UUNET 3060 Williams Dr., Fairfax, VA 22031 703-206-5440 security () uu net - Security Incidents http://www.uu.net abuse-mail () uu net - Massmail abuse-news () uu net - Usenet Abuse
Current thread:
- How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Utopian Admin (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Blake Frantz (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Gary Maltzen (Mar 04)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Nicholas Bachmann (Mar 06)
- <Possible follow-ups>
- FW: How to cope with, uhm, "mentally challenged" abuse personnel? Tyrannis Von Nettesheim (Mar 05)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Travis Pugh (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Justin Shore (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Utopian Admin (Mar 03)