Security Incidents mailing list archives
Re: @home: Is *anyone* really home there???
From: jpapen () YAHOO COM (Jeffrey Papen)
Date: Thu, 24 Feb 2000 16:06:59 -0800
$soapbox = 1; It's so easy to cast stones when you don't know what's going on. It's amazing how many arm-chair quarterbacks are on this list. @Home is more than aware of the problems they have with their users. They are working on it, but the # of jerks w/ cable modems is much larger than they abuse groups can handle. They're adding something around 100,000 subscribers a month! Even if 0.1% of those are jerks, that's more new users every month causing problems than regularly contribute to this list. Is that an excuse? no. Does that make it ok? Absolutely not. But the fact remains that @Home will deal with these customers and is making every effort to get their own house in order so they can stop this network abuse. @Home doesn't advertise kicking people off the system or banning homes from ever having the service again for many legal/political reasons. Because it's not publicized, doesn't mean it's not happening. Everyone complaining on this mailing list also assumes that their one TCPDump will be sufficient evidence to win an expensive lawsuit if some PO'd subscriber sues for having their service removed or being accused of something they didn't do. You may laugh at this, but these are the issues that @Home has to deal with every day. Throw 20 different cable partners in the mix, each with their own paranoia and policies and the problem becomes that much more complex. Everyone complaining is also making a large assumption - that the IP address conducting the scan knows they are conducting an illegal activity. If some newbie with Linux and an @Home modem gets owned and starts attacking your system, should @Home ban that user for not setting up their system correctly? If that was the case, then 95% of their customers would be thrown out because they don't know what they're doing. My advice to you is that you're going to have no better luck telling @Home to fix their misbehaving users than you will telling every college in the world to not have rude users poking your defenses. For that matter, if we're going to pee in @Home's cheerios, let's throw daemon.co.uk off the net for what their users have done. Take matters into your own hand and secure yourself. If you're being mail bombed or ICMP flooded, then you have a legitimate complaint and you should pick up your phone and do something about it. Otherwise ignore scans. Who cares who knows that ports you run? If you rely on security through obscurity, then you deserve what you get. Don't assume that your one email will be some magic bullet. I'm amazed at how many times people say "I sent an email, why didn't they do anything about it?" Do you know how many emails @Home receives per day? At least 50% of the problem report emails I send to large ISPs fall through the cracks unless followed up with a phone call. Everyone used to (still does) hate AOL users because they had such poor netiquete. @Home is the new jerk on the block because users finally have the bandwidth and availability to make themselves a nuisance. Why doesn't DSL have the same complaints? Because they don't allow their users the same freedom that @Home does. They block users from running their own mail servers or having true IP-dialtone. They're also a smaller target, each with less of the internet population so a scan from them doesn't stand out. My advice to everyone is, unless you have a real DOS attack, quit bitchin' and spend that energy locking down your site. $soapbox = 0; - Jeffrey --- "Maniac ." <m_a_n_i_a_c_ () HOTMAIL COM> wrote:
I agree. I went off on a rant a while back on this list (I think) about @home and their lack of caring about their customers actions. I hate to say this or even condone it, but maybe its time people started taking care of these idiots with cable modems ouselves. Seeing how @home doesn't care and all.... Just my $.02little being done. IMHO, @Home's network is poorly managed and their support is next to useless. Unfortunately for me, DSL is not an option at this time. -- Jim Littlefield "One time I went to a museum where all the work in the museum had been done by children. They had all the paintings up on refrigerators." - Steven Wright______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
===== Yahoo Network Engineering work: 408-616-3897 page: 408-619-0572 cell: 650-580-2684 email: jeffrey () papen com beep: page-jeffrey () papen com __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
Current thread:
- Re: @home: Is *anyone* really home there??? Maniac . (Feb 23)
- Re: @home: Is *anyone* really home there??? The Undernet Bonk (Feb 24)
- Received message from Russian hackers David Meissner (Feb 25)
- <Possible follow-ups>
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? David Kennedy CISSP (Feb 28)
- TIS and fingerprinting Dino Amato (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- ssh wierdness spiff (Feb 26)
- Re: ssh wierdness Markus Friedl (Feb 28)