Security Incidents mailing list archives
Re: @home: Is *anyone* really home there???
From: prmoyer () EARTHLINK NET (Philip R. Moyer)
Date: Wed, 23 Feb 2000 12:43:11 -0500
Jim Littlefield writes:
Unless @Home gets lots of complaints regarding a particular user, they do very little, if anything. Spam and open NNTP servers are the only complaints that they appear to act on. I am an @Home customer and was getting repeated entire port range scans from another @Home customer located in the next town. I blasted off a complaint and received nothing in return. A telephone call to @Home and multiple conversations with a number of "supervisors" resulted in very little being done. IMHO, @Home's network is poorly managed and their support is next to useless. Unfortunately for me, DSL is not an option at this time.
This is a very interesting observation. Several months ago, when @home service became available in our area, I looked into getting service from them. I am an information security consultant, so in the course of my various engagements I need to connect to remote machines using "nonstandard services" (like SSH oooh, aaah), sometimes portscanning them, and sometimes conducting full-blown penetration tests. This is strictly against the @home acceptable use policy. It says (I must paraphrase so they don't sue me) that any use or distribution of security tools like password crackers, scanners, or sniffers is forbidden. The actual reference, if you want to check my interpretation, is http://www.home.com/support/aup/, in the section titled "Security," paragraph two, last sentence. :-) Well, that's part of what I do for a living, with the full understanding and consent of the target system owners. I called the @home sales people, who passed me up several levels of supervisor, until someone finally told me, "if that's what you do, then you aren't welcome as an @home subscriber." I find it interesting and discouraging that @home apparently feels free to harbor hackers and other criminals, but will not offer services to security professionals. I guess we just have to mark them down as "bad guys" until they learn to play nice on the Net. Cheers, Phil
Current thread:
- Re: rooted, (continued)
- Re: rooted Omachonu Ogali (Feb 23)
- Re: rooted Administrator (Feb 23)
- Being Hacked?! Please Help!! Francis Lee (Feb 24)
- Re: rooted John Kougoulos (Feb 24)
- Re: smurf scanning Rick Magill (Feb 23)
- @home: Is *anyone* really home there??? Missouri FreeNet Administration (Feb 22)
- Re: @home: Is *anyone* really home there??? Omachonu Ogali (Feb 22)
- Re: @home: Is *anyone* really home there??? Jim Littlefield (Feb 23)
- Re: @home: Is *anyone* really home there??? James M. Atkinson, Comm-Eng (Feb 23)
- Re: @home: Is *anyone* really home there??? David Brumley (Feb 23)
- Re: @home: Is *anyone* really home there??? Philip R. Moyer (Feb 23)
- Re: @home: Is *anyone* really home there??? Jim Littlefield (Feb 23)
- Re: @home: Is *anyone* really home there??? Brad Griffin (Feb 24)
- Re: @home: Is *anyone* really home there??? Jon Paul, Nollmann (Feb 26)
- Re: @home: Is *anyone* really home there??? Thomas Molina (Feb 24)
- IMAPD probe from 210.242.175.223 (sampa.org.tw) David A. Bandel (Feb 23)