[Dshield] Road Runner / @home

Mitch Thompson mitchthompson at satx.rr.com
Wed Aug 29 00:44:35 GMT 2001


A noble idea, but /if/ you get caught, then you are in trouble.  

On Tuesday 28 August 2001 03:44 pm, you wrote:
> If someone is hammering you to the point that it's a major problem (I don't
> consider 10 or so hits / day to be hammering.  Hammering is usually on the
> order of 1 hit every few seconds) then just hack into his machine and stop
> it, if it's that annoying.  Probably less effort than trying to talk to
> tech support and emails.
>
> At 03:09 PM 8/28/2001 -0400, you wrote:
> >    @home has taken the same response that its not there problem and they
> >aren't going to do anything.  I do like http://www.dynwebdev.com/codered/
> >and there approach to dealing with ISP's like roadrunner and @home.
> >    physically called @home noc to complain about 3 computers hammering
> > our companies computer all infected with code red 2.  kept trying to send
> > me to pages with info on code red and finally said they would notify the
> > user. Its like morons we know what code red is I'm calling you to get you
> > to stop it, and kill the moron's account that is still infected.  Since
> > that fatefull call i've implemented earlybird on all my work servers
> > running apache http://www.treachery.net/~jdyson/earlybird/   gotton some
> > responce from isp's mostly to stop emailing them.  Since I emailed one
> > isp 30 times in one day with the same ip.  On my home computer i've
> > resorted to vigilante.
> >
> > > Message: 16
> > > From: Mitch Thompson <mitchthompson at satx.rr.com>
> > > To: dshield at dshield.org
> > > Subject: Re: [Dshield] Road Runner
> > > Date: Tue, 28 Aug 2001 04:42:23 -0500
> > > Reply-To: dshield at dshield.org
> > >
> > > Am I dreaming, or shouldn't it be possible for the highly skilled
> >
> >RoadRunner
> >
> > > sysadmins to cross-ref the TCP/IP address, and date-time stamp to find
> > > the MAC of the cable modem assigned that address and then to notify the
> > > subscriber that they need to fix their machine?  Or even turn off the
> >
> >cable
> >
> > > modem remotely?
> > >
> > > Since 99.99% of all hits to my firewall for port 80 are from 24.xx (the
> >
> >other
> >
> > > .01% seems to be from 216.xxx)., maybe it's time to start emailing my
> > > log entries to RR tech support with the suggestion they do just that.
> > >
> > > On Friday 24 August 2001 08:12 am, you wrote:
> > > > What a load of crap.
> > > >
> > > > I was personally hit by 113 computers in the range of 24.24 to 24.31
> > > >
> > > > check it out for yourself, realtime stats including number of hits
> > > > per attacker:
> > > >
> > > > http://www.topnotchtech.com
> > > >
> > > > Maybe less than 40 computers **inside Roadrunner the company**... =)
> > > >
> > > > -- Sean
> > > >
> > > > At 09:38 AM 8/22/2001 -0700, you wrote:
> > > > >My ISP is Road Runner, which owns the block 24.24.0.0 -
> > > > > 24.31.255.255.
> > > > >
> > > > >I received a letter from them yesterday saying that:
> > > > >
> > > > >"Fewer than 40 computers on our Road Runner network were infected by
> >
> >Code
> >
> > > > >Red. Those users were notified" .....
> > > > >
> > > > >Is it possible to determine if this is consistent with the data
> >
> >reported
> >
> > > > > to DSheild? I had the impression that there have been much more
> > > > > than
> >
> >40
> >
> > > > > Road Runner customers infected, but I am not sure how to determine
> >
> >that.
> >
> > > > >_______________________________________________
> > > > >Dshield mailing list
> > > > >Dshield at dshield.org
> > > > >To change your subscription options (or unsubscribe), see:
> > > > >http://www1.dshield.org/mailman/listinfo/dshield
> > > >
> > > > _________________________________________________________
> > > > Do You Yahoo!?
> > > > Get your free @yahoo.com address at http://mail.yahoo.com
> > > >
> > > > _______________________________________________
> > > > Dshield mailing list
> > > > Dshield at dshield.org
> > > > To change your subscription options (or unsubscribe), see:
> > > > http://www1.dshield.org/mailman/listinfo/dshield
> > >
> > > --__--__--
> > >
> > > _______________________________________________
> > > Dshield mailing list
> > > Dshield at dshield.org
> > > http://www1.dshield.org/mailman/listinfo/dshield
> > >
> > >
> > > End of Dshield Digest
> >
> >_______________________________________________
> >Dshield mailing list
> >Dshield at dshield.org
> >To change your subscription options (or unsubscribe), see:
> >http://www1.dshield.org/mailman/listinfo/dshield
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list