[Dshield] reporting to BT is a waste of time

Mark Rowlands mark.rowlands at minmail.net
Fri Jun 14 18:49:31 GMT 2002

On Friday 14 June 2002 7:26 pm, John Groseclose wrote:
> * Frank Rizzo <frankrizzocalled at hotmail.com> [020614 09:19]:
> > For weeks I have had this lil' ba$tard trying to crack my members area.
> > He's slipping up a few times because the x-forwarded-for is giving away
> > his IP address (I sometimes see his client_ip address as btinternet too).
> >
> > So everytime there is an attack I send to abuse at btinternet.com or bt.net
> > whichever the whois tells me too.

At the risk of generating more irritation than you obviously already have  

Are you reporting the appropriate information? ...... time with timezone, src 
and destination, a packet dump is nice too. Are you sure it is actually an 
attack?  Does dshield implicate the little feller in any other activities?

> In cases like this, I assume you're seeing the attack coming through
> someone's proxy server.
> Block the proxy. Whether you do this at the firewall, or at the local
> machine via ipfilter, ipchains, iptables, whatever, just block it.
> If you want to get creative, set up a local redirect on your webserver to
> redirect incoming connections from the open proxies to another page -
> "Access denied - open proxy."
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list