Re: constant attacks - whom to contact?

On 28 Jun 2006, in the Usenet newsgroup comp.security.misc, in article
<4gg9drF1mmsftU1@xxxxxxxxxxxxxx>, Chris Kronberg wrote:

In the past I learned that disclosing details to anyone else
but the people in charge details yield nothing.

There is very little that a single individual can do. On the other hand,
when enough people realize that an entity is a problem, together they can
do something about it. Look up "Usenet Death Penalty" in your spare time.

So nowadays I'm far more suspicious and far more careful (I may have
scared that person away by disclosing information to early).

On the 15 of this month, there were 73466 IPv4 networks in the world,
totalling 2318449458 IP addresses - that's 2.32 billion. Do you really
think that your system stands out above that mass?

Yes, I did that on an early stage of my investigations after the
first complaints didn't show any effect. Result: Just one complaint
in twelve months and a statement of the provider that they are
reorganizing to be able to better handle the (spam) problems (again
that was last year).

Well, if people have your attitude of "I've been attacked, but I won't
tell whose IP space it came from", you should't expect to find large
numbers of postings. A lot of network admins are taking the stance that
abuse complaints are pretty much ignored, and the solution is simply to
block the offending domain. If they feel generous, they may post the
details to something in the news.admin.net-abuse.* hierarchy, so that
others can be warned. Eventually enough people are blocking a domain
that even the most dense management types finally recognize that they
have a problem - there have been several entire countries where the
authorities _finally_ saw the light.

Only if there is criminal activity - as defined by (in this case) US
law. Your opinion may not match what's in the laws.

I know. But the law in the US don't allow attacking other computers,
does it?

There are several sets of laws, some enacted at the 'state' level, some
at the national level. The problem is one of priorities. The crime has
to be serious enough for the authorities to see it worth the time and
expense. It has been reported in the past that the federal authorities
(US Federal Bureau of Investigation - the FBI) won't get actively involved
unless the monetary damage is over US$5000, or it involves national
security.

That a european outsider has no high priority - well, I know that, too.

Just as a non-european has no high priority in European jurisdictions. Do
you find this surprising?

With road-runner and verizon I agree. With SBC I had some good
experiences. Comcast, well, has a very bad past. Not sure about
what is going on now.

SBC has been a thorn in my side for years - that's why about 11.5 million
addresses (the equivalent of about 175 /16s) are blocked here. My users
haven't complained about the blockage, and I really don't care what SBC
might think. As for comcast, I'm blocking even more netblocks - about
the equivalent of 364 /16s. I no longer have much of a problem with either.

Old guy
.

Quantcast