RE: PacBell Security/Abuse contact
Does anyone have an opinion on a decent ISP out there that's proven to work with the customer during a DDOS storm? Rick Cheung -----Original Message----- From: Jeremy T. Bouse [mailto:Jeremy.Bouse@undergrid.net] Sent: Monday, March 25, 2002 2:46 PM To: nanog@merit.edu Subject: Re: PacBell Security/Abuse contact More specifically I belive this is a Distributed Reflection DoS like what hit GRC.COM back on Jan 11th... Basically a flood of SYN packets to well known ports from IPs which appear to be spoofed. I've actually been riding it out now for over 2 weeks... The tech support is completely inept and trying to contact security/abuse is pointless. Final realization of this was when I was investigating another PacBell customers box which had been compromised via another PacBell customer machine. After the forensics to get back logs and track the intrusion I tried contacting PacBell to no avail and then resulting it tryin to get in contact with their customer directly. Which I managed to do and resolve the issue... I've never dealt with such an inept company before. Jeremy On Mon, Mar 25, 2002 at 11:18:23AM -0800, Daniel M. Spielman wrote:
At 11:11 PM 3/24/2002 -0800, you wrote:
Anyone have a telephone number that can reach a live person within Pacific Bell's Security/Abuse department? PacBell's technical support is completely inept with trying to help their customers when under any form of network attack other than passing you to a toll-free number which informs you to send email to an address that goes without answer.
Respectfully, Jeremy T. Bouse UnderGrid Network Services
I've had a similar experience with their tech team. I was being dos'd from a college in Chicago so I contacted them to have it filtered
out
and they had no idea what I meant. They suggested I email the Admin at the
college to get it resolved. I started screaming at them how am i going to email someone when I am being attacked. Then they transferred me to their
supervisor who was even more inept then they were. Frankly i gave up and just waited out the dos attack which lasted 2 1/2 days.
UUnet, excellent responsive abuse team IMHO. jm On Monday, March 25, 2002, at 12:12 PM, Cheung, Rick wrote:
Does anyone have an opinion on a decent ISP out there that's proven to work with the customer during a DDOS storm?
Rick Cheung
-----Original Message----- From: Jeremy T. Bouse [mailto:Jeremy.Bouse@undergrid.net] Sent: Monday, March 25, 2002 2:46 PM To: nanog@merit.edu Subject: Re: PacBell Security/Abuse contact
More specifically I belive this is a Distributed Reflection DoS like what hit GRC.COM back on Jan 11th... Basically a flood of SYN packets to well known ports from IPs which appear to be spoofed. I've actually been riding it out now for over 2 weeks...
The tech support is completely inept and trying to contact security/abuse is pointless. Final realization of this was when I was investigating another PacBell customers box which had been compromised via another PacBell customer machine. After the forensics to get back logs and track the intrusion I tried contacting PacBell to no avail and then resulting it tryin to get in contact with their customer directly. Which I managed to do and resolve the issue... I've never dealt with such an inept company before.
Jeremy
On Mon, Mar 25, 2002 at 11:18:23AM -0800, Daniel M. Spielman wrote:
At 11:11 PM 3/24/2002 -0800, you wrote:
Anyone have a telephone number that can reach a live person within Pacific Bell's Security/Abuse department? PacBell's technical support is completely inept with trying to help their customers when under any form of network attack other than passing you to a toll-free number which informs you to send email to an address that goes without answer.
Respectfully, Jeremy T. Bouse UnderGrid Network Services I've had a similar experience with their tech team. I was being dos'd from a college in Chicago so I contacted them to have it filtered
and they had no idea what I meant. They suggested I email the Admin at
college to get it resolved. I started screaming at them how am i going to email someone when I am being attacked. Then they transferred me to
out the their
supervisor who was even more inept then they were. Frankly i gave up and just waited out the dos attack which lasted 2 1/2 days.
On Mon, 25 Mar 2002, Jon Mansey wrote:
UUnet, excellent responsive abuse team IMHO.
Too bad they don't seem to have a spam abuse department anymore. I've been complaining about a continuing flood of spam from "jumpjive.com" (another lying "you-opted-in-to-receive-our-crap" outfit) with nothing but auto-ignores to show for it. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
UUNet, by far is the best. I've had mixed results with Sprint. A couple of years ago I had to deal with Hurricane Electric and the tech was really good about it - he added in the ACL I needed right over the phone. Also, I know of a couple providers in the upper midwest that are pretty good at working with DOS stuff. Email me off list if you are interested. -Eric On Mon, 25 Mar 2002, Cheung, Rick wrote:
Date: Mon, 25 Mar 2002 14:12:02 -0600 From: "Cheung, Rick" <Rick.Cheung@NextelPartners.com> To: nanog@merit.edu Subject: RE: PacBell Security/Abuse contact
Does anyone have an opinion on a decent ISP out there that's proven to work with the customer during a DDOS storm?
According to a recent salary survey telephone companies have some of the lowest paid information security professionals in comparison with other technology corporations, federal government, or financial companies. When the US Transportation Security Administration (aka, the agency in charge of airport screeners) is paying their computer security people more than telephone companies, its hard for phone companies to attact top security talent. Customers need to let companies know that security and responsiveness affects their purchasing decisions. I think some companies are getting the message. But in today's market, with tight budgets and layoffs, security is often viewed as overhead. A lot of providers are lucky if they have one network engineer who does security stuff in her spare time. Full-fledge security departments are rare. On Mon, 25 Mar 2002, Eric Whitehill wrote:
UUNet, by far is the best. I've had mixed results with Sprint. A couple of years ago I had to deal with Hurricane Electric and the tech was really good about it - he added in the ACL I needed right over the phone.
Also, I know of a couple providers in the upper midwest that are pretty good at working with DOS stuff. Email me off list if you are interested.
On Mon, 25 Mar 2002, Sean Donelan wrote: :Customers need to let companies know that security and responsiveness :affects their purchasing decisions. I think some companies are getting :the message. But in today's market, with tight budgets and layoffs, :security is often viewed as overhead. The mantra at the consulting firms I have had conversatons with is showing ROI for security services. I think that much of the value in security services to date has been in the anti-virus field. The reason for this is that one can easily measure and express the costs saved by being immune to a particular virus or worm, which might have cost a day or more of business. Contrasted with the number of new virus reports affecting M$ products on a daily basis, the value is pretty easy to see. It can be difficult to show the returned value of auditing acl's, or implementing an IDS infrastructure, despite the profound importance of doing so. Nimda and CodeRed were excellent indicators of how a good security policy can be a competetive edge during (increasingly common) global incidents. Hopefully we will see more security folks pressing this message, and more decision makes hearing it. :A lot of providers are lucky :if they have one network engineer who does security stuff in her spare :time. Full-fledge security departments are rare. This is where managed security services are gaining popularity. Regardless of the technical merits of assembling some COTS solutions and generating periodic reports, it can be more cost effective than hiring CCSP/GIAC/CISSP's at $60-90k USD a pop, while still operating with some reasonable level of assurance that your infrastructure is being monitored. -- batz
Date: Tue, 26 Mar 2002 12:56:39 -0500 (EST) From: batz <batsy@vapour.net>
(snip)
Nimda and CodeRed were excellent indicators of how a good security policy can be a competetive edge during (increasingly common) global incidents. Hopefully we will see more security folks pressing this message, and more decision makes hearing it.
Sun Tzu and Lao Tze in the 3967/3561 thread... ...anyone else read Demming or other TQM proponents? Visible numbers only syndrome is the problem with many people's attitudes toward security... I could name a local (Wichita) company that for the longest time was running IIS4 + SP5, vulnerable to the iishack buffer overrun. They stored their websites and company files on said machine. The goons^H^H^H^H^Hconsultants who set it up gave a big "it's secure because it's NT -- look, it asks for passwords" spiel that management bought. Even after one of their employees _demonstrated_ how an arbitrary person could break in. Response? "We're not that big... nobody would be that interested in us." Warnings about random scans fell on deaf ears. Service patches were never applied. When some suspicious happenings left said server inoperable, they just installed Win2000 and went on, not caring what had happened or why. No, I was not the employee. A friend of mine worked there before getting fed up and quitting. "If it works, it must be right," versus, "It doesn't truly work unless it's right." I find it amusing how the same people keep who keep things under tight physical lock and key are so lax and apathetic about electronic security. As Demming said, "People who buy on price alone deserve to get rooked." Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.
participants (7)
-
batz
-
Cheung, Rick
-
E.B. Dreger
-
Eric Whitehill
-
Jon Mansey
-
Patrick
-
Sean Donelan