Security Incidents mailing list archives
Re: blackholing t-dialin.net? sympatico.ca?
From: Bill Royds <Bill_Royds () PCH GC CA>
Date: Wed, 7 Mar 2001 21:35:23 -0500
Sympatico.ca is the largest Canadian ISP (owned by Bell Telephone) and is the main ADSL supplier in Canada so you have a good chance of the sweep coming from sympatico if it comes from Canada at all. I have good results if you phone their NOC at +1 (800) 565-0567. Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU> on 03/07/2001 15:33:17 Please respond to Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU> To: INCIDENTS () SECURITYFOCUS COM cc: (bcc: Bill Royds/HullOttawa/PCH/CA) Subject: blackholing t-dialin.net? sympatico.ca? well, like many of you, i continue to receive FTP and sometimes telnetd sweeps from sympatico.ca and t-dialin.net. so far i haven't had a compromise on a machine under my watch (due to access controls) from these domains, but the continued scanning gets annoying. i'm not one who thinks that service sweeps are worth leaving as "background noise", or worth getting all in a huff about. i am, however, of the sentiment that both sympatico.ca and t-dialin.net have repeatedly shown unneighborly behavior by not addressing, in one form or another, continued activities that are typical of preludes to attacks. [at worst it's probably some kid with too much time on his hands, and should be discouraged from going down the road that leads to breaking the law. it's probably a compromised account or machine to blame, though.] sympatico.ca is marginally better than t-dialin.net in the folowing respects: i alerted them to some sweeps in early october, 2000, and received a reply in january, 2001. and their AUP seems to be as good as any AUP can be: http://www1.sympatico.ca/help/About/terms.html ... t-dialin.net, however, has been the source of many probes for many of us on this list, yet a quick attempt to find their AUP leaves me lacking. (was it t-dialin.net who has the 'port scans are ok with us!' AUP?) still, this situation continues. is it worth starting to block their dialin netblocks? frankly, i'd love it, and i think many of you would, as well, if reps from t-dialin.net and sympatico.ca spoke up here and addressed these continuing issues. thanks, ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- blackholing t-dialin.net? sympatico.ca? Jose Nazario (Mar 07)
- Re: blackholing t-dialin.net? sympatico.ca? Daniel R. Warner (Mar 07)
- AW: blackholing t-dialin.net? sympatico.ca? Jens Thiel (Mar 07)
- Re: blackholing t-dialin.net? sympatico.ca? Steffen Dettmer (Mar 09)
- <Possible follow-ups>
- Re: blackholing t-dialin.net? sympatico.ca? Bill Royds (Mar 07)
- Re: blackholing t-dialin.net? sympatico.ca? Robert G. Ferrell (Mar 08)
- Re: blackholing t-dialin.net? sympatico.ca? Jose Nazario (Mar 08)