Security Incidents mailing list archives

blackholing t-dialin.net? sympatico.ca?


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 7 Mar 2001 15:33:17 -0500

well, like many of you, i continue to receive FTP and sometimes telnetd
sweeps from sympatico.ca and t-dialin.net. so far i haven't had a
compromise on a machine under my watch (due to access controls) from these
domains, but the continued scanning gets annoying.

i'm not one who thinks that service sweeps are worth leaving as
"background noise", or worth getting all in a huff about.

i am, however, of the sentiment that both sympatico.ca and t-dialin.net
have repeatedly shown unneighborly behavior by not addressing, in one form
or another, continued activities that are typical of preludes to attacks.

[at worst it's probably some kid with too much time on his hands, and
should be discouraged from going down the road that leads to breaking the
law. it's probably a compromised account or machine to blame, though.]

sympatico.ca is marginally better than t-dialin.net in the following
respects: i alerted them to some sweeps in early october, 2000, and
received a reply in january, 2001. and their AUP seems to be as good as
any AUP can be: http://www1.sympatico.ca/help/About/terms.html ...

t-dialin.net, however, has been the source of many probes for many of us
on this list, yet a quick attempt to find their AUP leaves me lacking.
(was it t-dialin.net who has the 'port scans are ok with us!' AUP?)

still, this situation continues. is it worth starting to block their
dialin netblocks?

frankly, i'd love it, and i think many of you would, as well, if reps from
t-dialin.net and sympatico.ca spoke up here and addressed these continuing
issues.

thanks,

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

