Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Abuse response times from Xtra

Reply
Thread Tools

Abuse response times from Xtra

 
 
Bryce Utting
Guest
Posts: n/a
 
      06-06-2005
am I the only one to find Xtra's abuse desk bloody useless?

July last year, one of their infected customers was hitting us with
who-knows-what virus du jour, so I sent them a friendly "Dictionary
attack from Xtra dialup" msg with some log extracts on the 17th. by
the 28th, it was still coming in (clearly the same machine, since the
forged from and to addresses matched and were unique in the logs), so
I wound up sending them an ALL CAPS followup with more logs.

the noise stopped, finally, and a few days later they tell me:

> Please be assured Xtra investigates each reported occurrence of
> virus/worm infected emails.


this, at least, I'm glad for. I guess.

on Friday, I find a bunch of MyTob banging at the doors (from a
Jetstream user this time, possibly even on static IP), so I wrap up
the logs nicely and pass 'em over. even so, there's more, and more,
and more, coming in all the time. (a couple even struck lucky with
their dictionary attacks[1] and winding up in /var/mail).

*sigh*

sent a followup yesterday (more logs), as well as calling the helpdesk
(oh joy) to get them to raise an internal escalation.

no action.

another ALL CAPS followup today, with the usual autoreply, and the
usual complete lack of action.

this is sort-it-out-within-24-hours territory, even with the long
weekend, yet days (and three full reports) later nothing's happened.

is this typical of others' experience with them, or am I just unlucky?

also, is anyone else seeing any incoming from 210.86.70/24? I kinda
wonder if I'm the only one raising the alarms with them, and whether
they've got some boneheaded "one complaint is insufficient to act"
mechanism in effect despite their assurances above.


butting

[1] a small lies-to-children, that: it looks like this MyTob variant
slurps from address books, filters out a bunch of target-poor
domains, then looses fire at the remaining addresses and runs
(first-name) dictionary attacks on domains from that set.
 
Reply With Quote
 
 
 
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      06-06-2005
Bryce Utting wrote:
> am I the only one to find Xtra's abuse desk bloody useless?


no.

>>Please be assured Xtra investigates each reported occurrence of
>>virus/worm infected emails.


> this, at least, I'm glad for. I guess.


haha good then, I don't think they do, atleast they don't seem to be
replying to mine to confirm anything.

> is this typical of others' experience with them, or am I just unlucky?


nope, very very typical.

> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
> wonder if I'm the only one raising the alarms with them, and whether
> they've got some boneheaded "one complaint is insufficient to act"
> mechanism in effect despite their assurances above.


I'm raising them, for the moment the filters are just getting IP's added
to them.
 
Reply With Quote
 
 
 
 
Bryce Utting
Guest
Posts: n/a
 
      06-06-2005
Dave - Dave.net.nz wrote:
> Bryce Utting wrote:
>> am I the only one to find Xtra's abuse desk bloody useless?

>
> no.


well, that's encouraging, I guess ;/

>>>Please be assured Xtra investigates each reported occurrence of
>>>virus/worm infected emails.

>
>> this, at least, I'm glad for. I guess.

>
> haha good then, I don't think they do, atleast they don't seem to be
> replying to mine to confirm anything.


time to pay a visit to rfc-ignorant on their behalf, ya reckon?

>> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
>> wonder if I'm the only one raising the alarms with them, and whether
>> they've got some boneheaded "one complaint is insufficient to act"
>> mechanism in effect despite their assurances above.

>
> I'm raising them, for the moment the filters are just getting IP's added
> to them.


I wish. I'm looking at setting up SMTH auth soon, and some of my
roaming users come in from Xtra's netspace from time to time.

dammit.

also, 30 more attempts today from that one IP, but none of 'em to
valid addresses. thank heaven.


butting
 
Reply With Quote
 
Rob J
Guest
Posts: n/a
 
      06-06-2005
In article <d80uff$rea$(E-Mail Removed)> in nz.comp on Mon, 6 Jun 2005
07:37:19 +0000 (UTC), Bryce Utting <(E-Mail Removed)> says...
> am I the only one to find Xtra's abuse desk bloody useless?
>
> July last year, one of their infected customers was hitting us with
> who-knows-what virus du jour, so I sent them a friendly "Dictionary
> attack from Xtra dialup" msg with some log extracts on the 17th. by
> the 28th, it was still coming in (clearly the same machine, since the
> forged from and to addresses matched and were unique in the logs), so
> I wound up sending them an ALL CAPS followup with more logs.
>
> the noise stopped, finally, and a few days later they tell me:
>
> > Please be assured Xtra investigates each reported occurrence of
> > virus/worm infected emails.

>
> this, at least, I'm glad for. I guess.
>
> on Friday, I find a bunch of MyTob banging at the doors (from a
> Jetstream user this time, possibly even on static IP), so I wrap up
> the logs nicely and pass 'em over. even so, there's more, and more,
> and more, coming in all the time. (a couple even struck lucky with
> their dictionary attacks[1] and winding up in /var/mail).
>
> *sigh*
>
> sent a followup yesterday (more logs), as well as calling the helpdesk
> (oh joy) to get them to raise an internal escalation.
>
> no action.
>
> another ALL CAPS followup today, with the usual autoreply, and the
> usual complete lack of action.
>
> this is sort-it-out-within-24-hours territory, even with the long
> weekend, yet days (and three full reports) later nothing's happened.
>
> is this typical of others' experience with them, or am I just unlucky?
>
> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
> wonder if I'm the only one raising the alarms with them, and whether
> they've got some boneheaded "one complaint is insufficient to act"
> mechanism in effect despite their assurances above.


Xtra are cowboys
 
Reply With Quote
 
Bryce Utting
Guest
Posts: n/a
 
      06-07-2005
I wrote:
>>> am I the only one to find Xtra's abuse desk bloody useless?

>
> dammit.
>
> also, 30 more attempts today from that one IP, but none of 'em to
> valid addresses. thank heaven.


would you believe it?

Xtra Security and Abuse Team <(E-Mail Removed)> finally wrote to
me--

: Thank you for the information regarding abuse of our internet
: service. We have investigated the incident based on the information
: supplied and have taken the appropriate action by temporarily
: suspending the infected account until the infection is removed.

.... at 12:41 today. the original report? 3/06/2005 4:13pm.

bloody useless.


butting
 
Reply With Quote
 
Bret
Guest
Posts: n/a
 
      06-07-2005
On Tue, 7 Jun 2005 01:06:59 +0000 (UTC), Bryce Utting
<(E-Mail Removed)> wrote:

>I wrote:
>>>> am I the only one to find Xtra's abuse desk bloody useless?

>>
>> dammit.
>>
>> also, 30 more attempts today from that one IP, but none of 'em to
>> valid addresses. thank heaven.

>
>would you believe it?
>
>Xtra Security and Abuse Team <(E-Mail Removed)> finally wrote to
>me--
>
>: Thank you for the information regarding abuse of our internet
>: service. We have investigated the incident based on the information
>: supplied and have taken the appropriate action by temporarily
>: suspending the infected account until the infection is removed.
>
>... at 12:41 today. the original report? 3/06/2005 4:13pm.
>
>bloody useless.
>
>

They read your post here

 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      06-07-2005
In article <(E-Mail Removed)>,
Bret <(E-Mail Removed)> wrote:

>They read your post here


nz.comp = the "Fair Go" of the Internet? Wow.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Abuse of the Net/Abuse on the Net Dr Wankfest Computer Support 14 07-19-2006 10:31 PM
SetAuthCookie works some times and fails some times? =?Utf-8?B?bWF2cmlja18xMDE=?= ASP .Net 0 03-23-2006 09:24 PM
Huge ping times on adsl with XTRA Jennings NZ Computing 7 09-23-2005 09:23 AM
Fighting abuse with abuse Mara Computer Support 70 03-24-2005 08:30 PM
Re: Fighting abuse with abuse Peter =?UTF-8?B?S8O2aGxtYW5u?= Computer Information 0 03-22-2005 10:31 AM



Advertisments