North American Network Operators Group
Re: Scaled Back Cybersecurity
> i've had absolutely no luck getting the source isp's to care about
> the problems i've seen at my home firewall in recent weeks. (see
> below if you wonder whether i'm implicating anyone here.) there's
> no other way to view the internet than as a worm-infested zombie.

hehe... I know the feeling.

With DShield, we try hard to send out correlated and filtered reports in a standardized format to valid 'contact' addresses. There are some success stories, but more misses than hits overall. The 'misses' fall into two categories:

- ignored/bad contact ( /dev/null group )
- or the "portscanning is not a crime" group (at least they respond).

What is an appropriate reaction if an ISP receives an abuse report? I know [email protected] is getting swamped with Excel spreadsheets, screenshots and hate mail, and most of them are 'benign' (P2P file sharing afterglow and the like). But would it be too much for an ISP to send an email to the customer as they receive the first reports, a phone call after the third ... ?

(BTW: Any ISPs here that would like a daily unfiltered report? I just streamlined that function last week.)

Here is some dshield data for the IPs in your list:

> Jan 1 18:40:44 fwlha /kernel: ipfw: 1800 Deny TCP 64.139.35.209:2559 204.152.184.163:21 in via dc0

scanned 9 different targets, > 30 days ago

> Jan 3 06:15:19 fwlha /kernel: ipfw: 1800 Deny TCP 80.145.56.173:2113 204.152.184.163:57 in via dc0
> Jan 3 06:15:37 fwlha /kernel: ipfw: 1800 Deny TCP 80.145.56.173:2595 204.152.184.163:21 in via dc0
> Jan 3 06:15:40 fwlha /kernel: ipfw: 1800 Deny TCP 80.145.56.173:2595 204.152.184.163:21 in via dc0

2 targets, > 30 days ago... TONLINE is receiving a daily summary report from us. For a while, they bounced it back and forth between departments for days. Now they just /dev/null it, I think.

> Jan 4 09:02:17 fwlha /kernel: ipfw: 1800 Deny TCP 193.251.0.37:4992 204.152.184.163:21 in via dc0
> Jan 4 09:02:20 fwlha /kernel: ipfw: 1800 Deny TCP 193.251.0.37:3314 204.152.184.163:21 in via dc0

Wanadoo.fr... do I need to say more?

> Jan 12 23:21:16 fwlha /kernel: ipfw: 6400 Deny TCP 212.202.170.154:3540 204.152.188.2:21 in via vlan0

3 different targets... does ftp and P2P...

--
--------------------------------------------------------------------
[email protected]
Collaborative Intrusion Detection
join http://www.dshield.org
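As an added example (not code from the thread or from DShield itself): a small Python correlator that parses ipfw "Deny" lines in the syslog format quoted above, aggregates them per source IP across sensors, and keeps only sources seen against several distinct targets, which is the "correlated and filtered" step the post describes. The second sensor "fwsfo", its 198.51.100.x targets and the year are constructed assumptions; the "fwlha" lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# FreeBSD ipfw syslog line: "<ts> <sensor> /kernel: ipfw: <rule> <Action> <proto> src:port dst:port in|out via <iface>"
IPFW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<sensor>\S+) /kernel: ipfw: \d+ "
    r"(?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?:in|out) via \S+$"
)

# The 'fwlha' lines are quoted from the thread; the 'fwsfo' lines are constructed for this
# example so a second sensor reports the same source (198.51.100.0/24 is a documentation range).
SAMPLE_LOG = """\
Jan 1 18:40:44 fwlha /kernel: ipfw: 1800 Deny TCP 64.139.35.209:2559 204.152.184.163:21 in via dc0
Jan 3 06:15:19 fwlha /kernel: ipfw: 1800 Deny TCP 80.145.56.173:2113 204.152.184.163:57 in via dc0
Jan 3 06:15:37 fwlha /kernel: ipfw: 1800 Deny TCP 80.145.56.173:2595 204.152.184.163:21 in via dc0
Jan 4 09:02:17 fwlha /kernel: ipfw: 1800 Deny TCP 193.251.0.37:4992 204.152.184.163:21 in via dc0
Jan 2 11:05:03 fwsfo /kernel: ipfw: 1800 Deny TCP 64.139.35.209:3001 198.51.100.7:21 in via em0
Jan 2 11:05:09 fwsfo /kernel: ipfw: 1800 Deny TCP 64.139.35.209:3002 198.51.100.8:21 in via em0
"""

def parse_line(line, year=2003):
    """Parse one ipfw Deny line; returns None for accepts or non-ipfw noise. Year is assumed (syslog omits it)."""
    m = IPFW_RE.match(line.strip())
    if not m or m["action"] != "Deny":
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "sensor": m["sensor"], "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}

def correlate(lines, year=2003):
    """Aggregate per source IP: hit count, distinct targets, ports and sensors, first/last seen."""
    per_src = defaultdict(lambda: {"hits": 0, "targets": set(), "ports": set(),
                                   "sensors": set(), "first": None, "last": None})
    for rec in filter(None, (parse_line(line, year) for line in lines)):
        s = per_src[rec["src"]]
        s["hits"] += 1
        s["targets"].add(rec["dst"]); s["ports"].add(rec["dport"]); s["sensors"].add(rec["sensor"])
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
    return dict(per_src)

def report_worthy(summary, min_targets=2):
    """The filtering step: only sources seen against several distinct targets make the report."""
    return sorted(src for src, s in summary.items() if len(s["targets"]) >= min_targets)

if __name__ == "__main__":
    summary = correlate(SAMPLE_LOG.splitlines())
    for src in report_worthy(summary):
        s = summary[src]
        print(f"{src}: {s['hits']} hits, {len(s['targets'])} targets, ports {sorted(s['ports'])}, "
              f"sensors {sorted(s['sensors'])}, {s['first']:%b %d %H:%M} .. {s['last']:%b %d %H:%M}")
```

With the sample above only 64.139.35.209 clears the two-target threshold; a single-sensor view would have shown it hitting one host, which is the point of correlating across reporters before mailing an abuse contact.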