[Dshield] Road Runner / @home

Sean Graham seangra at yahoo.com
Tue Aug 28 20:44:35 GMT 2001


If someone is hammering you to the point that it's a major problem (I don't 
consider 10 or so hits / day to be hammering.  Hammering is usually on the 
order of 1 hit every few seconds) then just hack into his machine and stop 
it, if it's that annoying.  Probably less effort than trying to talk to 
tech support and emails.

At 03:09 PM 8/28/2001 -0400, you wrote:
>    @home has taken the same response that its not there problem and they
>aren't going to do anything.  I do like http://www.dynwebdev.com/codered/
>and there approach to dealing with ISP's like roadrunner and @home.
>    physically called @home noc to complain about 3 computers hammering our
>companies computer all infected with code red 2.  kept trying to send me to
>pages with info on code red and finally said they would notify the user.
>Its like morons we know what code red is I'm calling you to get you to stop
>it, and kill the moron's account that is still infected.  Since that
>fatefull call i've implemented earlybird on all my work servers running
>apache http://www.treachery.net/~jdyson/earlybird/   gotton some responce
>from isp's mostly to stop emailing them.  Since I emailed one isp 30 times
>in one day with the same ip.  On my home computer i've resorted to
>vigilante.
>
> > Message: 16
> > From: Mitch Thompson <mitchthompson at satx.rr.com>
> > To: dshield at dshield.org
> > Subject: Re: [Dshield] Road Runner
> > Date: Tue, 28 Aug 2001 04:42:23 -0500
> > Reply-To: dshield at dshield.org
> >
> > Am I dreaming, or shouldn't it be possible for the highly skilled
>RoadRunner
> > sysadmins to cross-ref the TCP/IP address, and date-time stamp to find the
> > MAC of the cable modem assigned that address and then to notify the
> > subscriber that they need to fix their machine?  Or even turn off the
>cable
> > modem remotely?
> >
> > Since 99.99% of all hits to my firewall for port 80 are from 24.xx (the
>other
> > .01% seems to be from 216.xxx)., maybe it's time to start emailing my log
> > entries to RR tech support with the suggestion they do just that.
> >
> >
> > On Friday 24 August 2001 08:12 am, you wrote:
> > > What a load of crap.
> > >
> > > I was personally hit by 113 computers in the range of 24.24 to 24.31
> > >
> > > check it out for yourself, realtime stats including number of hits per
> > > attacker:
> > >
> > > http://www.topnotchtech.com
> > >
> > > Maybe less than 40 computers **inside Roadrunner the company**... =)
> > >
> > > -- Sean
> > >
> > > At 09:38 AM 8/22/2001 -0700, you wrote:
> > > >My ISP is Road Runner, which owns the block 24.24.0.0 - 24.31.255.255.
> > > >
> > > >I received a letter from them yesterday saying that:
> > > >
> > > >"Fewer than 40 computers on our Road Runner network were infected by
>Code
> > > >Red. Those users were notified" .....
> > > >
> > > >Is it possible to determine if this is consistent with the data
>reported
> > > > to DSheild? I had the impression that there have been much more than
>40
> > > > Road Runner customers infected, but I am not sure how to determine
>that.
> > > >
> > > >_______________________________________________
> > > >Dshield mailing list
> > > >Dshield at dshield.org
> > > >To change your subscription options (or unsubscribe), see:
> > > >http://www1.dshield.org/mailman/listinfo/dshield
> > >
> > > _________________________________________________________
> > > Do You Yahoo!?
> > > Get your free @yahoo.com address at http://mail.yahoo.com
> > >
> > > _______________________________________________
> > > Dshield mailing list
> > > Dshield at dshield.org
> > > To change your subscription options (or unsubscribe), see:
> > > http://www1.dshield.org/mailman/listinfo/dshield
> >
> >
> >
> > --__--__--
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > http://www1.dshield.org/mailman/listinfo/dshield
> >
> >
> > End of Dshield Digest
>
>_______________________________________________
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www1.dshield.org/mailman/listinfo/dshield


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




More information about the list mailing list