[Dshield] I am in shock!!!!

Grant Thurman Grant at Netprecision.Net
Thu Mar 7 15:33:56 GMT 2002

I believe we are finding success by letting the foreign Admin's know we are
blocking their customers access to our Networks, never have I received a
reply from: libero.it (Italy), sent them a hacking complaint advising them
of impending IP blocks and got the following back:

"your report has been recorded and we are taking measures towards the
persons you have signaled. In the meantime would you please accept our
excuses for this inconvenience.

Best Regards

Abuse Staff
Wind Telecomunicazioni S.p.A
E-Mail: Abuse at libero.it"


Got another first time ever report back from: chtd.com.tw (Taiwan), sent
them a hacking complaint advising them of impending IP blocks and got the
following back:

Dear Sir,

       We have get your e- mail !! Thanks for your information
about the SPAM/Hack situation . About Spam/Hack problem ,
we must say sorry for you !!! Because we can not know our
customer who is a spammer/Hacker and whose equipment is
hacked to send spam mail or other users , we can not stop from
the illegal behavior immediately .

       If someone inform us about the SPAM/Hack , we will check
the SPAM/Hack that is true or false . If it is true , we will ask our
customer stop this behavior and check their equipment .

       We take the following steps if we are informed there is a
SPAM/Hack from our customer.
1.We will block the SPAM/Hack IP to access to our network immediately
   if it is verified. Then we will inform our customer and help them
   to fix this problem.
2.We also record the SPAM/Hack IP in our block-list and keep observing.
   We will not remove the SPAM/Hack IP from the block list until
   they stop the SPAM/Hack.

        Besides we request our customer , we also make public the
SPAM/Hack ip on the web site .
( http://spam.web.hinet.net/black_list.html or  http://spam.web.hinet.net/ )

        Because Our processing program decisions stop service about
7 days , you will get the hack action or the spam mail until we stop
service . If you still have any question about SPAM , you can send
a mail to our SPAM/Hack-Dept !! We will try to solve your question .
( spam at ms1.hinet.net / anlu at chtd.com.tw / matthrew at chtd.com.tw )

        For this reason, could you please give me the block-list of HiNet
IPs and release these IPs ? We will take care the SPAM/Hack from
HiNet . If you have any comment or suggestion, please contact
marcwang at chtd.com.tw . I will try to solve the SPAM/Hack problem.

        We have already blocked the IP ( ) and stopped
the Access service of the SPAM IP ( ) . Therefore ,
you will not receive the SPAM mail from the IP ( ).


Is this the start of something good????

 Below is a copy of the template I use to complain:

Your user xxx.xxx.xxx.xxx is probing and/or attacking our network, your IP
xxx.xxx.xxx.xxx is being blocked and forwarded to DShield. - Distributed
Intrusion Detection System at: http://www.dshield.org.

Users from your IP block Netblock: xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx are now
blocked from xxxx.Network until you resolve this issue.

Please deal with this according to your rules of use and advise us of the
outcome, please act on this as you would expect us to if the rolls were

Your client/customer will be held liable for all repair and legal costs if
we determine any damage has been done to any of our systems.

All times are PST (PDT), -8:00 USA.

Best Reagards,

Grant Thurman
Netprecision, Inc.
714.832.8932 Cell: 714.813.3690

More information about the list mailing list