Re: big increase in ftp scanning

[Andreas Ferber <af () DEVCON NET>]

Hi,

On Sun, Nov 12, 2000 at 01:19:51PM +1300, Russell Fulton wrote:

[t-online abuse policy]
> That said we do see a lot of activity from this block so I do wonder
> how effective their enforcemnet is.

They are actually doing a good job. T-Online has about 7 million
customers, so it is only natural that you get much scanning activity
from their netblocks.

If a single customer gets reported the first time, they really do
nothing but recording this, that's right. But if a customer is
reported repeated times, they contact him and warn him, and if he
doesn't stop scanning, his account is terminated.

Here in germany there are also some legal problems which sometimes
prevent identifying who was doing the scans. An ISP is only allowed to
keep his logs of who had which IP address at which time as long as he
needs it to bill the customer. At T-Online this is typically up to 4
or 6 weeks, so if you report an incident later, it is not possible for
T-Online to identify the customer.

And, last, portscans are nothing illegal, at least here in germany...

Andreas
-- 
       Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
     ---------------------------------------------------------
      +49 521 1365800 - af () devconsult de - www.devconsult.de

Attachment: _bin
Description: