[Dshield] NETBIOS Probe

Tom Geairn tgeairn at newviewconsulting.com
Tue Mar 26 15:33:07 GMT 2002

Hash: SHA1


I've generally had my successes with smaller, local ISPs.  With
larger companies (AT&T is my current battle ground), the best bet is
usually through a customer service channel.  What you're looking for
is the people or department responsible for router configuration. 
Security departments don't generally care.  Sometimes I've been lucky
by either telnetting to an upstream router and getting contact info
from the sign on screen or polling SNMP data from upstream routers. 
These methods should (of course) be used with care.  Some ISPs
consider polling SNMP data as unauthorized use of their equipment. 
You can always start sending emails to the contact addresses for the
net block(s) you are connecting through.  The key here is to not mass
mail people, they will ignore you.  Send personal messages and always
give them only two choices: Help me or refer me to someone who can. 
Play to their egos.

If the DSL service is a business install, you will often have an
install coordinator or something like that.  This person is generally
a good go-to for contact info.  There really are people at these
companies who want to do a good job, and who enjoy a challenge.  Once
you get past the first tier or two of "tech support" (notice the
quotes <grin>), you will start to find competent people.  Again, play
to their egos: "If you don't know how to do this, perhaps you can
refer me to someone you can..."  IF their policies and the
bureaucracy will allow them to fix something, they will.  With larger
ISPs this is a big IF.

- -Tom Geairn
NewView Consulting, LLC

- -----Original Message-----
From: bradw [mailto:tildar at sta-care.com] 
Sent: Tuesday, March 26, 2002 9:26 AM
To: Tom Geairn
Subject: RE: [Dshield] NETBIOS Probe

*** PGP Signature Status: good
*** Signer: Bradley D Wyman (secondary office account)
<tildar at sta-care.com> (Invalid)
*** Signed: 3/26/2002 9:26:15 AM
*** Verified: 3/26/2002 9:21:24 AM

On Mon, 25 Mar 2002, Tom Geairn wrote:

> Not a day goes by without my having a voice or email exchange with
> some ISP, where I ask them to PLEASE, PLEASE filter out NetBIOS on
> their incoming access lists.

So who do you contact at these isp's?  I would love to try getting
to add such filtering to their dsl network. Any sugestions or tactics
you think may be helpfull in doing this?  I have given up talking at
suport people, what's the best way to get in contact with someone
that has
a clue?

- --
Brad Wyman           |\      _,,,---,,_
bradw at sta-care.com  /,`.-'`'    -.  ;-;;,_
Network Admin      |,4-  ) )-,_. ,\ (  `'-'
Sta-Care, Inc.    '---''(_/--'  `-'_)

PGP Fingerprint: 8B1E E12F 3982 0D54 E01C  DFD3 898B 6CA3 ED6F 3E56


Version: PGP 7.1


More information about the list mailing list