RE: Abuse Departments
Yes, I agree with everyone, in a distributed environment many things are possible. Perhaps I should have read the entire thread rather than responding to a single message. Bryan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Sullivan Sent: Sunday, October 12, 2003 5:16 PM Cc: [EMAIL PROTECTED] Subject: Re: Abuse Departments Bryan Heitman wrote: >Would you perhaps have more underlying problems if a "script kiddie" on a >dialup can attack you in such a way to impact your service? > > > Yeah? See: http://www.irbs.net/internet/nanog/0308/1463.html / Mat
Re: Abuse Departments
Bryan Heitman wrote: Would you perhaps have more underlying problems if a "script kiddie" on a dialup can attack you in such a way to impact your service? Yeah? See: http://www.irbs.net/internet/nanog/0308/1463.html / Mat
Re: Abuse Departments
On Sun, Oct 12, 2003 at 10:33:18AM -0500, Bryan Heitman wrote: > Would you perhaps have more underlying problems if a "script kiddie" on a > dialup can attack you in such a way to impact your service? Bryan, I don't mean to be rude, but it sounds like you don't understand the way the "script kiddies" operate. A dialup is more than sufficient. Generally the attacker will have a number of compromised servers/home PC's/workstations, etc, at their disposal. Each has been infected with a particular type of trojan horse, which allow the abuser to control the compromised machine. The abuse can then instruct these tens, or hundreds, or thousands, or now tens to hundreds of thousands of machines, to performa an attack against a target. Thus, the executor sits back on their dialup, which networks around the world fight with each otehr to stay alive - the attacks for running out of upstream bandwidth, and the victims for running out of downstream.
Re: Abuse Departments
- Original Message - From: "Bryan Heitman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 12, 2003 11:33 AM Subject: Re: Abuse Departments > > Would you perhaps have more underlying problems if a "script kiddie" on a > dialup can attack you in such a way to impact your service? > Sorry, I meant a DSL, T1, dialup, whatever as the one being attacked. I just woke up, so cut me some slack here.
Re: Abuse Departments
Only if that script kiddie doesn't have a couple hundred DDoS drones, and most have quite a few more than that. The probelm with these zombie networks is that they could be controlled from a 14.4 dialup and still knock out anything but the biggest infrastructure links on the internet. Active cooperation is needed from abuse departments for the victims of these attacks so that the compromised hosts are shut off quickly. On Sun, 12 Oct 2003 10:33:18 -0500 "Bryan Heitman" <[EMAIL PROTECTED]> wrote: > > Would you perhaps have more underlying problems if a "script kiddie" on a > dialup can attack you in such a way to impact your service? > > Bryan > - Original Message - > From: "Brian Bruns" <[EMAIL PROTECTED]> > To: "Matthew S. Hallacy" <[EMAIL PROTECTED]>; "Matt" > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Sunday, October 12, 2003 10:20 AM > Subject: Re: Abuse Departments > > > > > > - Original Message - > > From: "Matthew S. Hallacy" <[EMAIL PROTECTED]> > > To: "Matt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Sunday, October 12, 2003 3:18 AM > > Subject: Re: Abuse Departments > > > > > > > Most places will take care of abuse issues if they get to the right > > person, > > > but some places simply won't wake up their network admin at 11:00 on a > > saturday > > > night because some script kiddie's DSL is getting attacked by another > > > script kiddie on IRC. > > > > > > > > > Watch yourself poptix - you don't have such a squeaky clean past either. > > > > Point is this. If your network/servers are being used in an attack > against > > someone else, you can be held responsible if you do not act in a timely > > manner. > > > > This "script kiddie's DSL" is actually a shared setup with several servers > > on the end of it and a firewall. What happens to it also affects me and > my > > customers. When my customers go down, I get complaints. > > > > Now, if your network was attacking mine from a comprimised box, and you > > failed to act in a timely fashion, regardless if its a DSL or a T1 or a > > dialup for that matter, I'd either sue you myself for allowing the attack > to > > continue, or give my customers your info and let THEM sue you for it. > > > > -- Andrew D Kirch | [EMAIL PROTECTED]| Security Admin | Summit Open Source Development Group | www.sosdg.org
Re: Abuse Departments
Would you perhaps have more underlying problems if a "script kiddie" on a dialup can attack you in such a way to impact your service? Bryan - Original Message - From: "Brian Bruns" <[EMAIL PROTECTED]> To: "Matthew S. Hallacy" <[EMAIL PROTECTED]>; "Matt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, October 12, 2003 10:20 AM Subject: Re: Abuse Departments > > - Original Message - > From: "Matthew S. Hallacy" <[EMAIL PROTECTED]> > To: "Matt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Sunday, October 12, 2003 3:18 AM > Subject: Re: Abuse Departments > > > > Most places will take care of abuse issues if they get to the right > person, > > but some places simply won't wake up their network admin at 11:00 on a > saturday > > night because some script kiddie's DSL is getting attacked by another > > script kiddie on IRC. > > > > > Watch yourself poptix - you don't have such a squeaky clean past either. > > Point is this. If your network/servers are being used in an attack against > someone else, you can be held responsible if you do not act in a timely > manner. > > This "script kiddie's DSL" is actually a shared setup with several servers > on the end of it and a firewall. What happens to it also affects me and my > customers. When my customers go down, I get complaints. > > Now, if your network was attacking mine from a comprimised box, and you > failed to act in a timely fashion, regardless if its a DSL or a T1 or a > dialup for that matter, I'd either sue you myself for allowing the attack to > continue, or give my customers your info and let THEM sue you for it. >
Re: Abuse Departments
- Original Message - From: "Matthew S. Hallacy" <[EMAIL PROTECTED]> To: "Matt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, October 12, 2003 3:18 AM Subject: Re: Abuse Departments > Most places will take care of abuse issues if they get to the right person, > but some places simply won't wake up their network admin at 11:00 on a saturday > night because some script kiddie's DSL is getting attacked by another > script kiddie on IRC. > Watch yourself poptix - you don't have such a squeaky clean past either. Point is this. If your network/servers are being used in an attack against someone else, you can be held responsible if you do not act in a timely manner. This "script kiddie's DSL" is actually a shared setup with several servers on the end of it and a firewall. What happens to it also affects me and my customers. When my customers go down, I get complaints. Now, if your network was attacking mine from a comprimised box, and you failed to act in a timely fashion, regardless if its a DSL or a T1 or a dialup for that matter, I'd either sue you myself for allowing the attack to continue, or give my customers your info and let THEM sue you for it.
Re: Abuse Departments
On Sun, Oct 12, 2003 at 02:18:45AM -0500, Matthew S. Hallacy wrote: > Most places will take care of abuse issues if they get to the right person, > but some places simply won't wake up their network admin at 11:00 on a saturday > night because some script kiddie's DSL is getting attacked by another > script kiddie on IRC. You've had good experiences with abuse departments. I'm glad for you. The rest of us have not. Yes, some places ARE helpful when you call with a genuine problem. Most places are not. And honestly, regardless of the reason, shouldn't abuse departments be responsive to this type of thing? DoS attacks often effect more than the end target, they often cause people on immediate surrounding network many problems also.
Re: Abuse Departments
On Sun, Oct 12, 2003 at 01:54:28AM -0500, Matt wrote: > > I think he does make a fair observation about the state of many abuse > departments today. How many posts do we see on here requesting someone > with a clue in abuse from some domain in the average month? And how many of them are taken care of by pointing them to Jared's NOC list? I recently had an issue with an open proxy/relay within berkeley.edu's resnet, I shot off an email at around 2:30am CST, got a reply within 20 minutes, and the box was off the net within an hour. Most places will take care of abuse issues if they get to the right person, but some places simply won't wake up their network admin at 11:00 on a saturday night because some script kiddie's DSL is getting attacked by another script kiddie on IRC. -- Matthew S. HallacyFUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Re: Abuse Departments
> Matthew S. Hallacy wrote: Maybe you should avoid pissing the kiddies off on IRC, or get something other than Ameritech DSL if you want your upstream to give a damn. > I think he does make a fair observation about the state of many abuse departments today. How many posts do we see on here requesting someone with a clue in abuse from some domain in the average month?
Re: Abuse Departments
On Sat, Oct 11, 2003 at 08:22:25PM -0500, Andrew D Kirch wrote: > [snip] Maybe you should avoid pissing the kiddies off on IRC, or get something other than Ameritech DSL if you want your upstream to give a damn. -- Matthew S. HallacyFUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Re: Abuse Departments
On Sat, 11 Oct 2003, Andrew D Kirch wrote: > > apologies for the grammar, after suffering from a 2 hour site outage due to DoS > attack and the best reply I got was "well we'll call you" I'm at wits end. > > On Sat, 11 Oct 2003 20:22:25 -0500 > Andrew D Kirch <[EMAIL PROTECTED]> wrote: > > no need to suffer, vote with your bandwidth to a provider that can help... There are several on this list, eh? :)
Re: Abuse Departments
apologies for the grammar, after suffering from a 2 hour site outage due to DoS attack and the best reply I got was "well we'll call you" I'm at wits end. On Sat, 11 Oct 2003 20:22:25 -0500 Andrew D Kirch <[EMAIL PROTECTED]> wrote: > > > -- Andrew D Kirch | [EMAIL PROTECTED]| Security Admin | Summit Open Source Development Group | www.sosdg.org
