Security Incidents mailing list archives
Re: Attitude problem.
From: f4 () SILCON COM
Date: Mon, 25 Sep 2000 11:20:28 -0700
David, We have taken some flack but we have gotten good results from aggressively sending "Cease & Desist" notices to the chain of providers leading to an end user (who seems to be attacking). Many ISP's do not respond, or a robot responds, but eventually (usually) someone who cares takes notice. George Milliken farm9 "Booth, David CWT-MSP" <dbooth () CARLSON COM> said:
From: Greg A. Woods [mailto:woods () weird com]<snip>Remember that end-user ISPs in general have literally no responsibility for the state of their customer's machines. Of course they must prevent their customers from from doing really bad things, such as sending packets with spoofed addresses, allowing open SMTP relays, etc., but there's not much they can do about a rooted customer box except send a warning to the customer (hopefully "out-of-band" so the cracker can't "deal" with it!).<snip> I agree, but theres a big problem here.. Joe Q Cracker gets hold of somebodys machine on, for example, the @home network... I as just another sysadmin out there have no point of contact for the admins of that machine apart from the ISP - Theres no way for me to query the ISPs data and find out who owns that account and nor should there be. All I can do is contact the ISP and tell them that one of their customers has a box thats behaving suspiciously and may well be compromised. I HAVE to trust them to pass that warning on and be alert to the behaviour of that machine. It would go a long way towards improving the reputation of cable modem and other broadband providers if they would at least confirm that they had done this bare minimum. If anything remotely suspicious was coming out of my home LAN I'd hope my ISP would contact me so I can fix it.... After all, my firewall is as good as I can make it but I'd be a fool to consider my machines invulnerable. Thats why I read lists like this one :) Dave.
Current thread:
- Attitude problem. Booth, David CWT-MSP (Sep 22)
- Re: Attitude problem. Greg A. Woods (Sep 24)
- <Possible follow-ups>
- Re: Attitude problem. Booth, David CWT-MSP (Sep 25)
- Re: Attitude problem. f4 (Sep 25)