what's a good way to annoy the hell out of somebody at chello.be?
a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems. i nmap'd the offending box: Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-05 17:24 GMT Interesting ports on cable-62-205-122-245.upc.chello.be (62.205.122.245): (The 1638 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 9/tcp open discard 13/tcp open daytime 21/tcp open ftp 25/tcp open smtp 37/tcp filtered time 53/tcp open domain 111/tcp open rpcbind 113/tcp filtered auth 135/tcp filtered msrpc 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 515/tcp open printer 548/tcp open afpovertcp 1024/tcp open kdm 1025/tcp open NFS-or-IIS 1026/tcp filtered LSA-or-nterm 8009/tcp open ajp13 8080/tcp open http-proxy 10000/tcp open snet-sensor-mgmt and i connected to every one of those services that i had a client for, and sent mail to the postmaster (using telnet and the @[] notation), but i think i have not done enough to set off any kind of intrusion detection systems. what's a socially acceptable way to be rude enough to make these people pay attention to me? i'm asking not just for this host -- i'm hoping there's a "community standard" i can follow, and recommend that others follow. the box is raw debian. in fact its hostname (according to its exim and bind) is "debian". i don't think anybody's reading its "postmaster" mailbox. i do not think there is any evil intent in the updates they won't stop sending me, but they're filling my logs and i don't want to firewall them.
we all have this kind of problem. if you're on freebsd, man ipfw. i am sure there are similar on other oss. randy
On Fri, 05 Nov 2004 17:54:03 +0000, Paul Vixie <paul@vix.com> wrote:
a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems.
Voice phone call to their NOC, maybe? Old-fashioned, but sometimes it helps. Alternatively, an SMTP alphabet spam against their box ought to find some email address beside the unread postmaster - but try sending mail to "root" first. Or just filter out their IP address.
On 2004-11-05, Andreas Ott <andreas@naund.org> wrote:
compose a 'written-by-a-lawyer' looking letter in plain text and print it out. I bet 515/udp is open as well and most printers can handle plain ASCII.
515/tcp open printer
Ron Guilmette used to notify operators of insecure machines with remote writes to syslog (that'd get logged on the console, as like as not) .. that didn't exactly win him friends or influence people (including Paul Vixie I think) some 5..6 years back :) srs
Paul Vixie wrote:
a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems. i nmap'd the offending box:
Hmmm.. Couldn't sending them [and only them] specifically bad information for your zone... say everything (*) goes to a webpage that says "you REALLY need to fix this?" I think most ISPs could reach their unreachable customers by forcing all their connections [http at least] to a page that starts out with "your web surfing has been interrupted because we need to talk to you... please wait 60 seconds to be taken to the web page you wanted to get to. Or just call us.." And the time keeps getting longer... and longer... as more time passes without it being cleared by the noc. It seems to get my attention in hotels when they hotel does it to me [and expires my dhcp ip]. Usually that is just that I need to renew my daily IP subscription, but you get the drift. If they are requesting information from you, give them information that directs them to contact you. [I am imagining a world where every file on an FTP server becomes a README when you have violated their access rules]. Not saying its a good idea.. Just an idea. Deepak
participants (6)
-
Andreas Ott
-
Bill Stewart
-
Deepak Jain
-
Paul Vixie
-
Randy Bush
-
Suresh Ramasubramanian