JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
Ross wrote:
There seems to be a big misconception that he asked them to "hand over" the info. As I read the OP, he asked Comcast to do something about it and Comcast said "we can't do anything about it because we don't have logs". Here's a quote from the OP:
I've been nudging an operator at Covad about a handful of hosts from his DHCP pool that have been attacking - relentlessly port scanning - our assets. I've been informed by this individual that there's "no way" to determine which customer had that address at the times I list in my logs - even though these logs are sent within 48 hours of the incidents.
IMHO, that's a bunch of BS from whoever he's talking with at Comcast. In the normal course of business they would have logs of which customer had that IP just 48 hours earlier. They *can* do something about their customer. And they *should* do something about their customer who is causing problems on another network, the same as if that customer was spewing spam, or actually attacking (DDoS etc.) another network.
So the question circles back around to how does the OP get Comcast to step up, internally identify and take care of their problem customer? What path should he take to get connected with someone who has more clue about this type of problem so that they can address it in a timely fashion?
Has it come to needing to get a lawyer to write a strongly worded letter just to get this type of thing done today?
jc
[Disclaimer - I am a lawyer, and I write strongly worded letters to pay my bills.] Not to disagree with any of your points, but the OP (which you quoted!) was talking about Covad, while you're bashing Comcast. -- _________________________________________ Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us Attorney and Counselor-at-Law http://ziskind.us Economic Group Pension Services http://egps.com Actuaries and Employee Benefit Consultants