[Dshield] Road Runner / @home

merlin merlin at leopardtortoise.com
Tue Aug 28 19:09:25 GMT 2001


   @home has taken the same response that its not there problem and they
aren't going to do anything.  I do like http://www.dynwebdev.com/codered/
and there approach to dealing with ISP's like roadrunner and @home.
   physically called @home noc to complain about 3 computers hammering our
companies computer all infected with code red 2.  kept trying to send me to
pages with info on code red and finally said they would notify the user.
Its like morons we know what code red is I'm calling you to get you to stop
it, and kill the moron's account that is still infected.  Since that
fatefull call i've implemented earlybird on all my work servers running
apache http://www.treachery.net/~jdyson/earlybird/   gotton some responce
from isp's mostly to stop emailing them.  Since I emailed one isp 30 times
in one day with the same ip.  On my home computer i've resorted to
vigilante.

> Message: 16
> From: Mitch Thompson <mitchthompson at satx.rr.com>
> To: dshield at dshield.org
> Subject: Re: [Dshield] Road Runner
> Date: Tue, 28 Aug 2001 04:42:23 -0500
> Reply-To: dshield at dshield.org
>
> Am I dreaming, or shouldn't it be possible for the highly skilled
RoadRunner
> sysadmins to cross-ref the TCP/IP address, and date-time stamp to find the
> MAC of the cable modem assigned that address and then to notify the
> subscriber that they need to fix their machine?  Or even turn off the
cable
> modem remotely?
>
> Since 99.99% of all hits to my firewall for port 80 are from 24.xx (the
other
> .01% seems to be from 216.xxx)., maybe it's time to start emailing my log
> entries to RR tech support with the suggestion they do just that.
>
>
> On Friday 24 August 2001 08:12 am, you wrote:
> > What a load of crap.
> >
> > I was personally hit by 113 computers in the range of 24.24 to 24.31
> >
> > check it out for yourself, realtime stats including number of hits per
> > attacker:
> >
> > http://www.topnotchtech.com
> >
> > Maybe less than 40 computers **inside Roadrunner the company**... =)
> >
> > -- Sean
> >
> > At 09:38 AM 8/22/2001 -0700, you wrote:
> > >My ISP is Road Runner, which owns the block 24.24.0.0 - 24.31.255.255.
> > >
> > >I received a letter from them yesterday saying that:
> > >
> > >"Fewer than 40 computers on our Road Runner network were infected by
Code
> > >Red. Those users were notified" .....
> > >
> > >Is it possible to determine if this is consistent with the data
reported
> > > to DSheild? I had the impression that there have been much more than
40
> > > Road Runner customers infected, but I am not sure how to determine
that.
> > >
> > >_______________________________________________
> > >Dshield mailing list
> > >Dshield at dshield.org
> > >To change your subscription options (or unsubscribe), see:
> > >http://www1.dshield.org/mailman/listinfo/dshield
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www1.dshield.org/mailman/listinfo/dshield
>
>
>
> --__--__--
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> http://www1.dshield.org/mailman/listinfo/dshield
>
>
> End of Dshield Digest




More information about the list mailing list