Complete.Org: Mailing Lists: Archives: linux-help: August 2004:
[linux-help] Re: Port 18593 attacks

[linux-help] Re: Port 18593 attacks

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Port 18593 attacks
From: ironrose <ironrose@xxxxxxx>
Date: Tue, 03 Aug 2004 21:55:49 -0500
Reply-to: linux-help@xxxxxxxxx

Sandy said that she notifies the other ISP's who have customers who are 
doing port scanning and other suspicious activity, but most of the ISPs 
don't do anything about it.  They don't want to lose a customer or have 
negative rumors around.  Cox tries to miminize virus infections by 
shutting down a customer's service if they have a virus, spamming, or is 
port scanning.  Some of the customers call in wanting to find out why 
their service isn't working, tech support staff are never informed as to 
the reason why a person's internet service is shutdown, but the security 
staff won't reconnect the customer until they have been warned and / or 
get their computer cleaned up.

I wish that more could be done to help you, but changing the nic or 
exchanging out the firewall is about the only thing that can be done. 
Another nic would be the quickest way to get a different ip address.  I 
have access another frazier wall computer if you want to switch out for 
a while.

Sometimes removing the HSI provisioning and adding it back again will 
force a different ip address, but it doesn't always work.  I have talked 
with several customers who didn't have a firewall and their computer was 
compromised, sometimes while we were on the phone trying to get the 
computer connected to the internet, many times the customer is angry 
with us in tech support because they think that cox should do more to 
prevent these kinds of attacks.  There is only so much that the techs 
can do.  I am very limited on what kind of suggestions that I can make. 

bbales wrote:
> Anne,
> Sorry I didn't answer your email.  I did do as you suggested and sent a 
> 59KByte message to abuse@xxxxxxx.  I got their answer just a few minutes ago. 
> Their answer was basically, "None of the messages originated from so 
> we can't help."  
> Yes your help was valued.  Thank you.  Sorry I didn't say so earlier, but I 
> had several things to try and neglected to report on all of them.  By the 
> way, nothing has changed.
> bruce
> On Tuesday 03 August 2004 20:56, you wrote:
>>Let me remind you....I am telling the group what the Security person at
>>Cox said to isn't my whatever you want with the
>>information.  I was just trying to help and apparently my help isn't
>>valued.  ~Anne
>>Jonathan Hall wrote:
>>>>Sandy asked if you were able to determine who is port scanning you or
>>>>what isp they are using.  If it is one of cox's customers, then she
>>>>needs to find out and cox will go after them, suspending their service
>>>Well he pasted several IPs.  It should be easy for anyone at Cox (or
>>>anywhere at all, for that matter) to determine if they are Cox customers.
>>>I looked up just a few here:
>>>A superficial observation suggests that these four IPs are from Texas,
>>>Texas, Wisconsin, and Tennesee, respectively, and are not customers of
>>>>send them to abuse@xxxxxxx.  Apparently asking people to be nice on the
>>>>internet doesn't work, going after them legally (if enough evidence can
>>>>be gathered and presented in court) is going to be the only way to stop
>>>>the deviant computer users.  ~Anne
>>>That's assuming these ARE deviant computer users.  A more likely
>>>explanation is generally a virus/trojan-infected computer, as I suggested
>>>in an earlier e-mail.
>>>-- Jonathan
>>>-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
>>-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit
-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,

[Prev in Thread] Current Thread [Next in Thread]