SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

Alert the ISP?

I was wondering if anybody has ever reported open, infected computers to the ISP, in this case Comcast?

My Linksys log, like everybody else's, shows ports being hammered from all over the world. A few, each night, are from home computers in the Comcast network hitting port 80. They are hanging out there as if someone was running a web page, but trying to connect to them will get you W32.Nimda.A. Norton gets it, but should Comcast be told that this stuff is there? Do they care?

I don't know what these viruses do to computers without a firewall. I've never tried lowering my shields to find out.

dja
Happy to Help
Premium Member
join:2002-03-25
Niagara

This will answer your question.

»Shaw sez: Don't use firewalls. Brilliant.
jacour
Premium Member
join:2001-12-11
Matthews, NC

to SparkChaser
Some of the broadband providers have finally started taking some action to reduce port scans coming from their domains. It can't hurt to let the ISP know. In most cases, the offending boxes are owned by clueless people that don't even know they are infected, so you would be doing them a favor.

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

to SparkChaser

Well, looking at how many computers out there are infected by Nimda should tell you how responsive ISPs are. You can't blame them either. They are flooded with so many complaints for false alerts that it has become extremely hard for them to separate legitimate concerns from false complaints. They do have their hands full and not enough resources to deal with them.

That's why it's important for all of us to realize what's a legitimate alert and what's not before shooting an abuse email to the ISP. Your concern is legitimate but I wouldn't keep my hopes up.
chawleyx89t$
join:2002-03-14
ca

Member

to SparkChaser

Hi

www.dshield.org or the mynetwatchman agent www.mynetwatchman.com can forward your router logs to the offending ISP. Once the ISP has enough reports sent in by other people to go after the offending customer, they will take action and apply their TOS (terms of service), or their abuse dept will call the customer and warn them to clean their PC with antivirus software.

Chawley


sig
Premium Member
join:2001-05-05

to SparkChaser
If you wish, you can participate in the free mynetwatchman service. It takes log reports from users such as yourself, analyzes them, aggregates them and reports the significant problem IPs to the appropriate ISPs. If you're interested you can check it out at www.mynetwatchman.com.
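
The aggregation described in the two posts above, sketched as an added example (not part of the thread, and not DShield's or myNetWatchman's code): log submissions from several users are parsed, local and malformed entries are dropped, and a source is only reported once enough independent reporters have seen it. The log line format, the reporter names and the threshold of three are assumptions; the addresses are documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample submissions: (reporter, "timestamp src_ip dst_port").
# The line format is an assumption, not a real router log format.
SUBMISSIONS = [
    ("user-a", "2002-05-01T02:14:07 203.0.113.45 80"),
    ("user-a", "2002-05-01T02:14:09 203.0.113.45 80"),
    ("user-b", "2002-05-01T03:40:51 203.0.113.45 80"),
    ("user-c", "2002-05-01T04:02:33 203.0.113.45 80"),
    ("user-a", "2002-05-01T05:11:00 198.51.100.7 80"),
    ("user-b", "2002-05-01T05:30:12 192.168.1.20 137"),  # LAN noise
    ("user-c", "garbled line"),                           # malformed
]

# Sources on these networks are local traffic, never an ISP matter.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse(line):
    """Return (src_ip, dst_port), or None if the line is unusable."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        src = ipaddress.ip_address(parts[1])
        port = int(parts[2])
    except ValueError:
        return None
    if any(src in net for net in LOCAL_NETS) or not 0 < port < 65536:
        return None
    return str(src), port

def reportable(submissions, min_reporters=3):
    """Sources seen by at least min_reporters independent reporters."""
    reporters = defaultdict(set)
    hits = defaultdict(lambda: defaultdict(int))
    for who, line in submissions:
        parsed = parse(line)
        if parsed is None:
            continue
        src, port = parsed
        reporters[src].add(who)
        hits[src][port] += 1
    return {src: {"reporters": len(r), "hits_by_port": dict(hits[src])}
            for src, r in reporters.items() if len(r) >= min_reporters}

if __name__ == "__main__":
    for src, summary in reportable(SUBMISSIONS).items():
        print(src, summary)
```

Counting distinct reporters rather than raw hits keeps one noisy log from triggering a complaint on its own.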

SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

Thanks all for the info, I had a feeling that the ISPs were probably too busy right now to worry about this stuff. Like I said, it doesn't affect me except for the engineer part of my brain that says something is not right and it should be fixed. I'll check out the sites recommended.
lfowkes5
join:2001-10-14
Flat Rock, MI

Member

to SparkChaser
I usually look through my logs and if I get continually hammered from a certain IP I will report it. In one case I got tons of various hits and probes from a certain IP. It turned out to be a family web site run on a DSL line. Since the web page had an email address listed I wrote a very nice email and let them know that I believed that their machine was compromised, attached my web logs, and sent it off to the "webmaster". In return I got a very nasty email informing me that if I continued to try to hack their website they would call the FBI on me... sigh. Oh well, I tried. Some people just can't be saved from themselves. Although I have to say I have not seen that IP in my logs since, so either they did patch things up or whoever compromised their machine trashed it completely.

jvmorris
I Am The Man Who Was Not There.
MVM
join:2001-04-03
Reston, VA

to SparkChaser
said by beeron:
Thanks all for the info, I had a feeling that the ISPs were probably too busy right now to worry about this stuff. . . . .
In the specific situation you describe, chawley's suggestion is probably the most appropriate (and the most likely to get positive results -- that's "most likely", not guaranteed).

imp$
Mxyzptlk
Premium Member
join:2002-04-05
imp@dslr.net

to SparkChaser
I put a clean box up on DirecTV a couple of weeks ago and stupidly just surfed around for a while to check out the connection before patching and putting up my firewall/av.

A little while later I noticed Nimda on my box. Cleaned my box, actually I just got mad at myself and did a wipe and clean install and then patched my box.

Not 20 min later do I get an email from DirecTV Abuse dept. telling me I had a Nimda variant and the correct procedure and links to clean and research it. They also said they would have to kill my connection if I didn't do anything about it...which is understandable.

I thought that was pretty cool and it was the first time I was ever contacted by an upstream provider about an infection.