Another thought...for grins --
Call your local FBI service. Have them contact the ISP
of the offending IP address. Attacking across state
lines turns a simple crack into a felony. Be nice, be
professional, but be firm.
Works for me, and they take you more seriously in the
future (ISPs, FBI, and your outfit). For example:
Many sites that I would complain to, didn't have a
CLUE on how to handle their abusers. Now, they have
complain dept.s with real people, real email addresses
to email to. Everyone's happy!
In short, kick 'em in the pants -- so they actually
become responsible for their users :)
It gets better!
My $0.02 -- Chris
--- Jonah Kowall <[EMAIL PROTECTED]> wrote:
> Easy to say if you have only 1 ISP :)
>
>
> -----Original Message-----
> From: Oxenreider, Jeff [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 15, 2000 9:33 AM
> To: '[EMAIL PROTECTED]'; fw mailing list
> Subject: RE: [FW1] hacker 194.73.175.25
>
>
>
> I usually pass those types of things off to my ISP
> if I don't get a
> satisfactory response from the offenders ISP. If
> nothing else, you can have
> YOUR ISP block the offending range of IP's from your
> ISP's router, that way
> it's not wasting any of YOUR bandwidth, and you
> leave the ball in your ISP's
> court to figure out how to solve, and it's not
> longer an issue on your
> network.
>
> JMHO.
>
>
>
> Jeffrey A. Oxenreider
> Network Security Analyst
> Safelite Glass Corp
>
>
>
> -----Original Message-----
> From: Karim Amrani [ mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
> ]
> Sent: Thursday, June 15, 2000 9:16 AM
> To: fw mailing list
> Subject: Re: [FW1] hacker 194.73.175.25
>
>
> Hi,
>
> I agree with you for the 'I am in the pissed-off
> stage right now' part.
> Unfortunately, I did not have such wonderful results
> with emailing
> [EMAIL PROTECTED]
> The one that is really on my nerves right now is one
> of the main ISP in
> France
> (subsidiary of the original telco in France). They
> never respond to emails
> to
> [EMAIL PROTECTED] (that's their name) and are not
> able to answer you on the
> phone
> about that ('just customer support').
> The scans from their customers are occurring on a
> daily basis for over 9
> months.
>
> I'm not a big fan of retaliation but I'm not a big
> fan of being cornered
> either...
>
> Any suggestions to obtain cooperation from an ISP ?
>
> Karim
>
> James Edwards wrote:
>
> > Not to start a flame war here but I would imagine
> his suggestion was only
> > half serious.
> >
> > I certainly understand how he feels. I am
> personally at the point where I
>
> > am really, really sick of all the wanna-be hackers
> out their running their
>
> > little script kiddies and probing my network. I'm
> quite sure most of them
>
> > wouldn't have a clue what to do if they really did
> find something but
> since
> > that is an assumption we can't afford to make,
> every single one has to be
> > taken seriously and that takes time I sure could
> spend on other, more
> > productive things. There seems to be phases to
> this business and I am in
> > the pissed-off stage right now.
> >
> > I would never retaliate on a scan or even an
> attack, I can only imagine
> the
> > consequences of such action if it went wrong.
> However, I do dream about
> it
> > sometimes and wake up smiling.
> >
> > Jim Edwards
> >
> > P.S. I have had excellent results from sending my
> scan outputs to the
> > various abuse@isp addresses.
> >
> > -----Original Message-----
> > From: Dan R Dunn -CTR [ mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> ]
> > Sent: Thursday, June 15, 2000 6:13 AM
> > To: John Stevenson
> > Cc: 'hermit1';
> [EMAIL PROTECTED]
> > Subject: RE: [FW1] hacker 194.73.175.25
> >
> >
> > (Embedded
> > image moved
> > to file:
> > pic10108.pcx)
> >
> >
> > Now there's a real thoughtful, mature suggestion.
> If all of us ping
> bombed
> > everyone who scanned us every time we got scanned,
> nothing else would move
>
> > on
> > the Internet. Not to mention ping bombing a site
> (better known as a
> Denial
> > of
> > Service attack) is ILLEGAL in most civilized
> countries, including the US
> and
> > Britain. Can we say law suit? Possible
> prosecution? I hope you're not
> > expressing Southwest Security Group's official
> position on how to handle
> > scans,
> > intrusion attempts, etc. Your suggestion is the
> most irresponsible thing
> > I've
> > ever heard. I wonder what your ISP would think if
> they knew you advocated
>
> > retaliatory strikes against possible probes? Or
> maybe your CIO/CEO should
>
> > be
> > informed of what you advocate. What you suggest
> makes you no better than
> > the
> > hackers/crackers/script kiddies out there.
> >
> > I'll get off my soapbox now.
> >
> > For hermit1: If you can't get in touch directly
> with bt.net, contact
> their
> > up-channel ISP. You can usually get a response by
> sending an email to
> > [EMAIL PROTECTED] or [EMAIL PROTECTED]
> NEVER attempt to retailate
> > against
> > a suspected probe. It could be an innocent
> misconfiguration, or as you
> > suggested, the source address may be spoofed, in
> which case you just nuked
>
> > the
> > wrong source. Any retaliation, other than legal
> steps through proper
> > channels,
> > only lowers us to the level of the slime out there
> that has nothng better
> to
> > do
> > than to probe other people's networks.
> >
>
----------------------------------------------------------------------------
>
> > ---
> > Daniel R. (Dan) Dunn, EE
> > Sr. INFOSEC Engineer, GRC Int'l (an AT&T company)
> > OSD-ITD Firewall Administrator
> > p: 703-614-8086, ext 300
> >
> > The opinions expressed by the author are entirely
> his own, and
> > do not reflect those of AT&T, GRCI, Inc., or its
> subsidiaries,
> > nor do they reflect policy, opinion, or
> endorsement by the
> > US Department of Defense or any of its agencies.
>
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Yahoo! Photos -- now, 100 FREE prints!
http://photos.yahoo.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
