Security Incidents mailing list archives

Re: @home: Is *anyone* really home there???


From: wozz+incidents () WOOKIE NET (Wozz)
Date: Fri, 25 Feb 2000 18:41:39 -0700


Amen brother!

  I'm the head of the security department for a large nationwide
  cable modem provider that is in the exact same situation @home
  is.  We get hundreds and hundreds of complaints a day, often times
  about how someone's "hacking" them, when in fact, someone misdirected
  a web browser in their direction.  If a user is causing
  widespread problems, scanning large network blocks, spamming, or
  actually compromising a host then that user will be cancelled.
  But if one user scans one person, and doesn't actually compromise
  anything, the chances of it even coming up on my radar are very
  low.  Our department deals with the big problems first, the small
  problems last.  It amazes me how everyone with BlackIce installed
  on their computer suddenly thinks they are under attack and emails
  me 5 times a day complaining, because someone is pinging them.
  Yes, it would be ideal if every single person who thought about
  doing something bad were punished for it, but the fact of the
  matter is, unless it's a widespread problem (scanning, spam), an
  actual compromise, or we have an exceedingly large amount of spare
  time, we can't respond to every single complaint that arrives.
  We do keep track of users that receive complaints though, and if
  we notice a bad pattern, they will be cancelled.  I can only
  imagine the amount of complaints @home gets (they are about 5
  times the size of us) so I'm totally not surprised folks don't
  get responses back from them.  Bottom line, just because you're
  not getting a personal response, doesn't mean they aren't doing
  anything about it.  I'm here to keep our network secure, and keep
  our users from attacking others, not to respond (note I said
  respond, not act upon) to every single complaint.

On Thu, Feb 24, 2000 at 04:06:59PM -0800, Jeffrey Papen wrote:
$soapbox = 1;

It's so easy to cast stones when you don't know what's going on.  It's amazing
how many arm-chair quarterbacks are on this list.

@Home is more than aware of the problems they have with their users.  They are
working on it, but the # of jerks w/ cable modems is much larger than their
abuse groups can handle.  They're adding something around 100,000 subscribers a
month!  Even if 0.1% of those are jerks, that's more new users every month
causing problems than regularly contribute to this list.

Is that an excuse?  no.  Does that make it ok?  Absolutely not.  But the fact
remains that @Home will deal with these customers and is making every effort to
get their own house in order so they can stop this network abuse.

@Home doesn't advertise kicking people off the system or banning homes from
ever having the service again for many legal/political reasons.  Because it's
not publicized, doesn't mean it's not happening.

Everyone complaining on this mailing list also assumes that their one TCPDump
will be sufficient evidence to win an expensive lawsuit if some PO'd subscriber
sues for having their service removed or being accused of something they didn't
do.  You may laugh at this, but these are the issues that @Home has to deal
with every day.  Throw 20 different cable partners in the mix, each with their
own paranoia and policies and the problem becomes that much more complex.

Everyone complaining is also making a large assumption - that the IP address
conducting the scan knows they are conducting an illegal activity.  If some
newbie with Linux and an @Home modem gets owned and starts attacking your
system, should @Home ban that user for not setting up their system correctly?

If that was the case, then 95% of their customers would be thrown out because
they don't know what they're doing.

My advice to you is that you're going to have no better luck telling @Home to
fix their misbehaving users than you will telling every college in the world to
not have rude users poking your defenses.  For that matter, if we're going to
pee in @Home's cheerios, let's throw daemon.co.uk off the net for what their
users have done.

Take matters into your own hand and secure yourself.  If you're being mail
bombed or ICMP flooded, then you have a legitimate complaint and you should
pick up your phone and do something about it.  Otherwise ignore scans.  Who
cares who knows what ports you run?  If you rely on security through obscurity,
then you deserve what you get.

Don't assume that your one email will be some magic bullet.  I'm amazed at how
many times people say "I sent an email, why didn't they do anything about it?"
Do you know how many emails @Home receives per day?  At least 50% of the
problem report emails I send to large ISPs fall through the cracks unless
followed up with a phone call.

Everyone used to (still does) hate AOL users because they had such poor
netiquette.  @Home is the new jerk on the block because users finally have the
bandwidth and availability to make themselves a nuisance.  Why doesn't DSL have
the same complaints?  Because they don't allow their users the same freedom
that @Home does.  They block users from running their own mail servers or
having true IP-dialtone.  They're also a smaller target, each with less of the
internet population so a scan from them doesn't stand out.

My advice to everyone is, unless you have a real DOS attack, quit bitchin' and
spend that energy locking down your site.

$soapbox = 0;

- Jeffrey


--- "Maniac ." <m_a_n_i_a_c_ () HOTMAIL COM> wrote:
I agree.

I went off on a rant a while back on this list (I think) about @home and
their lack of caring about their customers' actions.  I hate to say this or
even condone it, but maybe it's time people started taking care of these
idiots with cable modems ourselves.  Seeing how @home doesn't care and
all....

Just my $.02


little being done. IMHO, @Home's network is poorly managed and their
support is next to useless. Unfortunately for me, DSL is not an option at
this time.

--
Jim Littlefield           "One time I went to a museum where all the
                           work in the museum had been done by
                           children. They had all the paintings up
                           on refrigerators." - Steven Wright



=====
Yahoo Network Engineering
work: 408-616-3897
page: 408-619-0572
cell: 650-580-2684
email: jeffrey () papen com
beep: page-jeffrey () papen com

