Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

How to cope with, uhm, "mentally challenged" abuse personnel?

From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Sat, 3 Mar 2001 10:20:25 +0100
Hi there,

I have to report about 1 incident per day that is caused by ip addresses
assigned to UUnet. Mostly it's sweeps across our whole class C, sometimes
ICMP, sometimes even scans for 111/UDP. NONE of our LAN IPs EVER leave our
LAN, since altho they're IPs officially assigned to us I masquerade (NAT) them
at our router.

The usual answer I receive from UUnet is the following:

    "The type of internet traffic you describe appears to be of normal
origin."

As I explained above NONE of our LAN IPs ever can be seen outside of our LAN,
so HOW ON EARTH should this be "of normal origin???"

Frankly I'm fed up with this kind of replies. I don't know whether it's just
that the abuse personnel simply is underqualified for their job, or whether
it's they simply can't cope with the growing number of incidents caused by
their customers, but I don't feel like accepting this kind of ignorance.

Any suggestions what I should do? If UUnet's personnel doesn't get their act
together I could be forced to completely black-hole their respective subnets
in our router.

Thanks,

Ralf


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^
Previous By Date Next
Previous By Thread Next

Current thread: