Re: Providers removing blocks on port 135?
At 01:55 PM 21/09/2003, Justin Shore wrote:
On Sun, 21 Sep 2003, Mike Tancsa wrote:
Yes, this is all too familiar. Luckily it was not so acute for us. The porn company in question was using legit credit cards and we knew where they were located. We too got to the point where I had to contemplate blocking dialups with no ANI as I had already blocked all access from their phone numbers. However, once they started doing that I called up their office yelling and screaming law suits and I guess they figured there were other ISPs that didnt care as much and moved on to them.
I don't know if you did this but if it were me I'd have contacted two other places. The first would have been the credit card companies with the stolen credit cards.
The credit cards in our case were legit. They were different numbers, but they were not stolen.
They are usuaully fairly responsive when it comes to them loosing money. Secondly after I contacted the local police, state BI, and perhaps the FBI (assuming no luck could be had with any of them)
I am in Canada, but I know that it has been stated that the FBI will not investigate computer fraud if damage is under $100,000.
I would have given the story to the local media. There's nothing like a little bad PR to give law enforcement a little kick in the butt.
I doubt a porn company with international clientele would give a toss about what the local media say.
If your newspapers where you're at are anything like our's, they love to print a good scandal involving the local government.
Local government has nothing to do with it. It was just some dime a dozen porn company. ---Mike
I am not advocating that at all. ("everyone's doing it, so let's not bother") However, I dont see what the municipal government has to do with a matter like this. I imagine its a civil issue where you have to get the lawyers involved :( Certainly if the company persisted, we would have done so. The fact that they can then go to another ISP who does not care and allows them to use their network is another issue. ---Mike At 12:11 PM 23/09/2003, Jack Bates wrote:
Mike Tancsa wrote:
Local government has nothing to do with it. It was just some dime a dozen porn company.
Back to the "everyone's doing it, so let's not bother" syndrome.
-Jack
Mike Tancsa wrote:
I am not advocating that at all. ("everyone's doing it, so let's not bother") However, I dont see what the municipal government has to do with a matter like this. I imagine its a civil issue where you have to get the lawyers involved :( Certainly if the company persisted, we would have done so. The fact that they can then go to another ISP who does not care and allows them to use their network is another issue.
Of course, it depends on the local laws, but in many locations, pornography has a lot of restrictions and when those restrictions are broken, it becomes a criminal matter. For example, most of my user's have "family" accounts. This means that their email is not only theirs but their children and grandchildren's. Even if the owner of the account is an adult, the fact that their children are present when they read their email means that all pornographic spam they receive is essentially being delivered to a minor. This is especially true with misleading subject lines where children are exposed to unwanted material before anyone realizes it. In Oklahoma, at least, it is a criminal offense to expose children to pornographic material. -Jack
At 01:18 PM 23/09/2003, Jack Bates wrote:
Mike Tancsa wrote:
I am not advocating that at all. ("everyone's doing it, so let's not bother") However, I dont see what the municipal government has to do with a matter like this. I imagine its a civil issue where you have to get the lawyers involved :( Certainly if the company persisted, we would have done so. The fact that they can then go to another ISP who does not care and allows them to use their network is another issue.
Of course, it depends on the local laws, but in many locations, pornography
This user was sending *out* from our network, not to our users. It would have been up to the authorities in said localities to bring charges against them. I did what I could here. The only cost effective way to deal with things like this is for the ISP to act which we did. Oklahoma would be foolish to spend tens of thousands of dollars to go after this idiot. Really, your state money is better spent elsewhere. This is not very different than the ISPs out there not bothering to clean up their infected users (my favorite rant for the quarter). Looking at http://isc.sans.org/port_details.html?port=135&repax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=Submit+Query it would appear by the number of source addresses, there has not been any significant reduction in blaster and its variants. ---Mike
has a lot of restrictions and when those restrictions are broken, it becomes a criminal matter. For example, most of my user's have "family" accounts. This means that their email is not only theirs but their children and grandchildren's. Even if the owner of the account is an adult, the fact that their children are present when they read their email means that all pornographic spam they receive is essentially being delivered to a minor. This is especially true with misleading subject lines where children are exposed to unwanted material before anyone realizes it. In Oklahoma, at least, it is a criminal offense to expose children to pornographic material.
-Jack
On Tue, 23 Sep 2003, Mike Tancsa wrote:
The credit cards in our case were legit. They were different numbers, but they were not stolen.
That would make a difference. The credit card companies probably wouldn't care if you told them that the cards were being used by their customer for illegal activity. Stolen, maybe. Anything else they could probably care less about.
They are usuaully fairly responsive when it comes to them loosing money. Secondly after I contacted the local police, state BI, and perhaps the FBI (assuming no luck could be had with any of them)
I am in Canada, but I know that it has been stated that the FBI will not investigate computer fraud if damage is under $100,000.
I didn't realize you were in Canada. That makes a difference. The dollar amount with the FBI varies widely. I've heard over $5,000, $25,000, $50,000, now $100,000. I don't think there's a hard set rule. I think it basically boils down to the old fashioned will-it-get-us-good-PR-with-little-or-not-work rule of thumb. :)
I doubt a porn company with international clientele would give a toss about what the local media say.
Local media would have been useful not against the spammers but against the local lw enforcement that refuses to do anything about it. Since however your local law enforncement can't do much about (international borders et al) then the local media wouldn't really care.
Local government has nothing to do with it. It was just some dime a dozen porn company.
Ditto for what I said above. The part about being in Canada changes things considerably from what I was assuming. I must have missed that earlier. Still it's worked in the past in other circumstances so the practice is fairly sound. It just won't work in your case. My only other advice would involve what's suggested in man 8 syslogd under "SECURITY THREATS," option number 5. Best of luck. Justin
participants (3)
-
Jack Bates
-
Justin Shore
-
Mike Tancsa