Re: what's a good way to annoy the hell out of somebody at chello.be?
On 2004-11-05, Andreas Ott <[EMAIL PROTECTED]> wrote: > compose a 'written-by-a-lawyer' looking letter in plain text and print > it out. I bet 515/udp is open as well and most printers can handle > plain ASCII. > >> 515/tcp open printer Ron Guilmette used to notify operators of insecure machines with remote writes to syslog (that'd get logged on the console, as like as not) .. that didn't exactly win him friends or influence people (including Paul Vixie I think) some 5..6 years back :) srs
Re: what's a good way to annoy the hell out of somebody at chello.be?
Paul Vixie wrote: a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems. i nmap'd the offending box: Hmmm.. Couldn't sending them [and only them] specifically bad information for your zone... say everything (*) goes to a webpage that says "you REALLY need to fix this?" I think most ISPs could reach their unreachable customers by forcing all their connections [http at least] to a page that starts out with "your web surfing has been interrupted because we need to talk to you... please wait 60 seconds to be taken to the web page you wanted to get to. Or just call us.." And the time keeps getting longer... and longer... as more time passes without it being cleared by the noc. It seems to get my attention in hotels when they hotel does it to me [and expires my dhcp ip]. Usually that is just that I need to renew my daily IP subscription, but you get the drift. If they are requesting information from you, give them information that directs them to contact you. [I am imagining a world where every file on an FTP server becomes a README when you have violated their access rules]. Not saying its a good idea.. Just an idea. Deepak
Re: what's a good way to annoy the hell out of somebody at chello.be?
Hi, On Fri, Nov 05, 2004 at 05:54:03PM +, Paul Vixie wrote: compose a 'written-by-a-lawyer' looking letter in plain text and print it out. I bet 515/udp is open as well and most printers can handle plain ASCII. > 515/tcp open printer -andreas
Re: what's a good way to annoy the hell out of somebody at chello.be?
On Fri, 05 Nov 2004 17:54:03 +, Paul Vixie <[EMAIL PROTECTED]> wrote: > a customer of chello.be has been repeating a dns dynamic update against my > zone every four minutes since october 20. chello's abuse reporting channel > is no doubt full of spam reports. their noc no doubt doesn't care about end-user > problems. Voice phone call to their NOC, maybe? Old-fashioned, but sometimes it helps. Alternatively, an SMTP alphabet spam against their box ought to find some email address beside the unread postmaster - but try sending mail to "root" first. Or just filter out their IP address.
Re: what's a good way to annoy the hell out of somebody at chello.be?
we all have this kind of problem. if you're on freebsd, man ipfw. i am sure there are similar on other oss. randy
what's a good way to annoy the hell out of somebody at chello.be?
a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems. i nmap'd the offending box: Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-05 17:24 GMT Interesting ports on cable-62-205-122-245.upc.chello.be (62.205.122.245): (The 1638 ports scanned but not shown below are in state: closed) PORT STATESERVICE 9/tcp open discard 13/tcpopen daytime 21/tcpopen ftp 25/tcpopen smtp 37/tcpfiltered time 53/tcpopen domain 111/tcp open rpcbind 113/tcp filtered auth 135/tcp filtered msrpc 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 515/tcp open printer 548/tcp open afpovertcp 1024/tcp open kdm 1025/tcp open NFS-or-IIS 1026/tcp filtered LSA-or-nterm 8009/tcp open ajp13 8080/tcp open http-proxy 1/tcp open snet-sensor-mgmt and i connected to every one of those services that i had a client for, and sent mail to the postmaster (using telnet and the @[] notation), but i think i have not done enough to set off any kind of intrusion detection systems. what's a socially acceptable way to be rude enough to make these people pay attention to me? i'm asking not just for this host -- i'm hoping there's a "community standard" i can follow, and recommend that others follow. the box is raw debian. in fact its hostname (according to its exim and bind) is "debian". i don't think anybody's reading its "postmaster" mailbox. i do not think there is any evil intent in the updates they won't stop sending me, but they're filling my logs and i don't want to firewall them.
