Re: Attitude problem.

[f4 () SILCON COM]

David,

We have taken some flack but we have gotten good results from aggressively
sending "Cease & Desist" notices to the chain of providers leading to an end
user (who seems to be attacking).

Many ISP's do not respond, or a robot responds, but eventually (usually)
someone who cares takes notice.

George Milliken
farm9







"Booth, David CWT-MSP" <dbooth () CARLSON COM> said:

> > From: Greg A. Woods [mailto:woods () weird com]
> <snip>
> > Remember that end-user ISPs in general have literally no
> > responsibility
> > for the state of their customer's machines.  Of course they
> > must prevent
> > their customers from from doing really bad things, such as sending
> > packets with spoofed addresses, allowing open SMTP relays, etc., but
> > there's not much they can do about a rooted customer box except send a
> > warning to the customer (hopefully "out-of-band" so the cracker can't
> > "deal" with it!).
> <snip>
>
> I agree, but theres a big problem here.. Joe Q Cracker gets hold of
> somebodys machine on, for example, the @home network... I as just another
> sysadmin out there have no point of contact for the admins of that machine
> apart from the ISP - Theres no way for me to query the ISPs data and find
> out who owns that account and nor should there be. All I can do is contact
> the ISP and tell them that one of their customers has a box thats behaving
> suspiciously and may well be compromised. I HAVE to trust them to pass that
> warning on and be alert to the behaviour of that machine. It would go a long
> way towards improving the reputation of cable modem and other broadband
> providers if they would at least confirm that they had done this bare
> minimum. If anything remotely suspicious was coming out of my home LAN I'd
> hope my ISP would contact me so I can fix it.... After all, my firewall is
> as good as I can make it but I'd be a fool to consider my machines
> invulnerable. Thats why I read lists like this one :)
>
> Dave.