Security Incidents mailing list archives

Re: blackholing t-dialin.net? sympatico.ca?


From: Bill Royds <Bill_Royds () PCH GC CA>
Date: Wed, 7 Mar 2001 21:35:23 -0500

Sympatico.ca is the largest Canadian ISP (owned by Bell Telephone) and is the
main ADSL supplier in Canada so you have a good chance of the sweep coming from
sympatico if it comes from Canada at all.
I have good results if you phone their NOC at +1 (800) 565-0567.





Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU> on 03/07/2001 15:33:17

Please respond to Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>

To:      INCIDENTS () SECURITYFOCUS COM
cc:      (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject: blackholing t-dialin.net? sympatico.ca?






well, like many of you, i continue to receive FTP and sometimes telnetd
sweeps from sympatico.ca and t-dialin.net. so far i haven't had a
compromise on a machine under my watch (due to access controls) from these
domains, but the continued scanning gets annoying.

i'm not one who thinks that service sweeps are worth leaving as
"background noise", or worth getting all in a huff about.

i am, however, of the sentiment that both sympatico.ca and t-dialin.net
have repeatedly shown unneighborly behavior by not addressing, in one form
or another, continued activities that are typical of preludes to attacks.

[at worst it's probably some kid with too much time on his hands, and
should be discouraged from going down the road that leads to breaking the
law. it's probably a compromised account or machine to blame, though.]

sympatico.ca is marginally better than t-dialin.net in the following
respects: i alerted them to some sweeps in early october, 2000, and
received a reply in january, 2001. and their AUP seems to be as good as
any AUP can be: http://www1.sympatico.ca/help/About/terms.html ...

t-dialin.net, however, has been the source of many probes for many of us
on this list, yet a quick attempt to find their AUP leaves me lacking.
(was it t-dialin.net who has the 'port scans are ok with us!' AUP?)

still, this situation continues. is it worth starting to block their
dialin netblocks?

frankly, i'd love it, and i think many of you would, as well, if reps from
t-dialin.net and sympatico.ca spoke up here and addressed these continuing
issues.

thanks,

____________________________
jose nazario                                  jose () cwru edu
                    PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                           PGP key ID 0xFD37F4E5 (pgp.mit.edu)

