[linux-help] Re: Port 18593 attacks

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Port 18593 attacks
From: ironrose <ironrose@xxxxxxx>
Date: Tue, 03 Aug 2004 21:55:49 -0500
Reply-to: linux-help@xxxxxxxxx

Sandy said that she notifies the other ISPs who have customers who are 
doing port scanning and other suspicious activity, but most of the ISPs 
don't do anything about it.  They don't want to lose a customer or have 
negative rumors around.  Cox tries to minimize virus infections by 
shutting down a customer's service if they have a virus, are spamming, 
or are port scanning.  Some of the customers call in wanting to find out 
why their service isn't working; tech support staff are never informed 
as to the reason why a person's internet service is shut down, but the 
security staff won't reconnect the customer until they have been warned 
and / or get their computer cleaned up.

I wish that more could be done to help you, but changing the NIC or 
exchanging out the firewall is about the only thing that can be done. 
Another NIC would be the quickest way to get a different IP address.  I 
have access to another frazier wall computer if you want to switch out 
for a while.

Sometimes removing the HSI provisioning and adding it back again will 
force a different IP address, but it doesn't always work.  I have talked 
with several customers who didn't have a firewall and their computer was 
compromised, sometimes while we were on the phone trying to get the 
computer connected to the internet.  Many times the customer is angry 
with us in tech support because they think that Cox should do more to 
prevent these kinds of attacks.  There is only so much that the techs 
can do.  I am very limited on what kind of suggestions that I can make. 
  ~Anne

bbales wrote:
> Anne,
> Sorry I didn't answer your email.  I did do as you suggested and sent a 
> 59KByte message to abuse@xxxxxxx.  I got their answer just a few minutes ago. 
>  
> Their answer was basically, "None of the messages originated from cox.net so 
> we can't help."  
> 
> Yes your help was valued.  Thank you.  Sorry I didn't say so earlier, but I 
> had several things to try and neglected to report on all of them.  By the 
> way, nothing has changed.
> bruce
> 
> On Tuesday 03 August 2004 20:56, you wrote:
> 
>>Let me remind you....I am telling the group what the Security person at
>>Cox said to do...it isn't my idea...do whatever you want with the
>>information.  I was just trying to help and apparently my help isn't
>>valued.  ~Anne
>>
>>Jonathan Hall wrote:
>>
>>>>Sandy asked if you were able to determine who is port scanning you or
>>>>what ISP they are using.  If it is one of Cox's customers, then she
>>>>needs to find out and Cox will go after them, suspending their service
>>>
>>>Well he pasted several IPs.  It should be easy for anyone at Cox (or
>>>anywhere at all, for that matter) to determine if they are Cox customers.
>>>
>>>I looked up just a few here:
>>>
>>>24.167.87.199    cs2416787-199.houston.rr.com
>>>24.167.68.48    cs2416768-48.houston.rr.com
>>>68.113.250.214    c68.113.250.214.ona.wi.charter.com
>>>68.47.163.14    pcp01626435pcs.westk01.tn.comcast.net
>>>
>>>A superficial observation suggests that these four IPs are from Texas,
>>>Texas, Wisconsin, and Tennessee, respectively, and are not customers of
>>>Cox.
>>>
>>>
>>>>send them to abuse@xxxxxxx.  Apparently asking people to be nice on the
>>>>internet doesn't work; going after them legally (if enough evidence can
>>>>be gathered and presented in court) is going to be the only way to stop
>>>>the deviant computer users.  ~Anne
>>>
>>>That's assuming these ARE deviant computer users.  A more likely
>>>explanation is generally a virus/trojan-infected computer, as I suggested
>>>in an earlier e-mail.
>>>
>>>-- Jonathan
>>>
>>>-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
>>>visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
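
The lookup Jonathan describes in the quoted message, as an added example that is not part of the original thread: it groups firewall hits on port 18593 by the provider named in each source's PTR record, which shows at a glance whether the victim's own ISP has any customer it could act on. The iptables-style log lines, the destination address, the 198.51.100.7 source and the function names are constructed for illustration; only the four IP/hostname pairs come from the thread.

```python
import re
from collections import defaultdict

# PTR names for the four addresses, copied from the quoted message above.
PTR = {
    "24.167.87.199": "cs2416787-199.houston.rr.com",
    "24.167.68.48": "cs2416768-48.houston.rr.com",
    "68.113.250.214": "c68.113.250.214.ona.wi.charter.com",
    "68.47.163.14": "pcp01626435pcs.westk01.tn.comcast.net",
}

# Constructed iptables-style lines; 198.51.100.7 is a made-up source with no PTR.
SAMPLE_LOG = """\
Aug  3 20:41:07 fw kernel: IN=eth0 OUT= SRC=24.167.87.199 DST=192.0.2.10 PROTO=TCP SPT=3345 DPT=18593
Aug  3 20:41:10 fw kernel: IN=eth0 OUT= SRC=24.167.87.199 DST=192.0.2.10 PROTO=TCP SPT=3345 DPT=18593
Aug  3 20:42:55 fw kernel: IN=eth0 OUT= SRC=68.113.250.214 DST=192.0.2.10 PROTO=TCP SPT=4410 DPT=18593
Aug  3 20:43:31 fw kernel: IN=eth0 OUT= SRC=68.47.163.14 DST=192.0.2.10 PROTO=TCP SPT=1287 DPT=18593
Aug  3 20:44:02 fw kernel: IN=eth0 OUT= SRC=24.167.68.48 DST=192.0.2.10 PROTO=TCP SPT=2201 DPT=445
Aug  3 20:45:19 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=3990 DPT=18593
"""

LINE_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\s.*?\bDPT=(\d+)\b")

def provider_of(ip, ptr=PTR):
    """Provider domain taken from the PTR name, or 'unresolved'."""
    host = ptr.get(ip)
    if not host:
        return "unresolved"  # no PTR: fall back to a WHOIS lookup on the IP
    # Assumption: last two labels name the provider (wrong for e.g. .co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def hits_by_provider(log_text, port=18593):
    """Return {provider: {source IP: hit count}} for one destination port."""
    out = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m.group(2)) == port:
            out[provider_of(m.group(1))][m.group(1)] += 1
    return {prov: dict(ips) for prov, ips in out.items()}

def report(log_text, own_isp="cox.net"):
    lines = []
    for prov, ips in sorted(hits_by_provider(log_text).items()):
        who = "own ISP" if prov == own_isp else "other network"
        lines.append(f"{prov} ({who}): " + ", ".join(f"{ip} x{n}" for ip, n in sorted(ips.items())))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A PTR name is only a hint set by whoever controls the reverse zone; a WHOIS query on the address confirms which network it is allocated to before a report is sent.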