ed.truitt at etee2k.net
Thu Oct 3 13:11:38 GMT 2002
I guess I must have a *special* ISP then, too. Or else, I have a good
relationship with mine. I have no problems getting them to act on
portscanning/Nimda-scanning activities - in fact, normally by the time I
report what the tarpit sees, they have taken the machine off the 'Net and
told the person to fix it. Of course, the fact that the original Code Red
attack wreaked havoc with their DSL customers, who mostly had Cisco 67x
routers (which locked up when it with CR probes) may have helped. But, I
think it is mostly due to the fact that they are a small ISP/consulting
firm, who needs an edge to stay competitive - and that edge, for them, is
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "Ian Carter" <ianc at internode.net>
To: <list at dshield.org>
Sent: Wednesday, October 02, 2002 10:49 PM
Subject: Re: [Dshield] Why???
> "Port scanning wastes bandwidth, bandwidth that ISPs have to purchase"
> The bandwidth used by port scanning or for that matter all ICMP traffic is
> small potatoes. One user streaming videos, or downloading big warez apps
> a bigger issue.
> You must have a special ISP, most won't act on port-scanning complaints.
> Like ICMP echo, it is just knocking on doors looking for a response. Most
> AUP's specify PC security is the users responsibility. As far as working
> with other ISPs to report and prevent port scanning...there are more fun
> ways to waste time. You can lodge a complaint to the abuse address or the
> ARIN listed contact, but don't hold your breath waiting on a response.
More information about the list