In message <26b01962-9b09-11cb-0ac8-89cf3e0a5f96@nuclearfallout.net>, John Weekes <jw@nuclearfallout.net> wrote:
... I've recorded about 2.4 million IP addresses involved in the last two months (a number that is higher than the number of actual devices, since most seem to have dynamic IP addresses). The ISPs behind those IP addresses have received notifications via email...
Just curious... How well is that working out? I've tried this myself a few times in the past, when I've found things that appear to be seriously compromised, and for my extensive trouble I've mostly received back utter silence and no action. I remember that after properly notifying security@ some large end-luser cable network in the SouthEast (which shall remain nameless) I got back something along the lines of "Thank you. We'll look into it." and was disgusted to find, two months later, that the boxes in question were still utterly pwned and in the exact same state they were two months prior, when I had first reported them. I guess that's just an example of what somebody else already noted here, i.e. that providers don't care to spend the time and/or effort and/or money necessary to actually -do- anything about compromised boxes, and anyway, they don't want to lose a paying customer. So, you know, let's just say for the sake of argument that right now, today, I know about a botnet consiting of a quarter million popped boxes, and that I have in-hand all of the relevant IPs, and that I have no trouble finding contact email addresses for all of the relevant ASNs. So then what? The question is: Why should I waste my time informing all, or even any of these ASNs about the popped boxes on their networks when (a) I am not their customer... as many of them have been only too happy to gleefully inform me in the past... and when (b) the vast majority simply won't do anything with the information? And while we are on the subject, I just have to bring up one of my biggest pet peeves. Why is it that every time some public-spirited altrusitc well-meaning citizen such as myself reports any kind of a problem to any kind of a company on the Internet, the report itself gets immediately labeled and categorized as a "complaint". If I spend some of -my- valuable time to helpfully try to let somebody else know of a problem on their network, or with their web site, and if that report gets categorized as a "complaint" then what does that make me? A "complainer"?? I don't need this kind of abuse and denegration from people who I'm trying to help. Like most other people, if I am in need of some personal denegration and abuse... well... I have relatives for that. Regards, rfg