«

am I the only one to find Xtra's abuse desk bloody useless?

July last year, one of their infected customers was hitting us with
who-knows-what virus du jour, so I sent them a friendly "Dictionary
attack from Xtra dialup" msg with some log extracts on the 17th. by
the 28th, it was still coming in (clearly the same machine, since the
forged from and to addresses matched and were unique in the logs), so
I wound up sending them an ALL CAPS followup with more logs.

the noise stopped, finally, and a few days later they tell me:

> Please be assured Xtra investigates each reported occurrence of
> virus/worm infected emails.

this, at least, I'm glad for. I guess.

on Friday, I find a bunch of MyTob banging at the doors (from a
Jetstream user this time, possibly even on static IP), so I wrap up
the logs nicely and pass 'em over. even so, there's more, and more,
and more, coming in all the time. (a couple even struck lucky with
their dictionary attacks[1] and winding up in /var/mail).

*sigh*

sent a followup yesterday (more logs), as well as calling the helpdesk
(oh joy) to get them to raise an internal escalation.

no action.

another ALL CAPS followup today, with the usual autoreply, and the
usual complete lack of action.

this is sort-it-out-within-24-hours territory, even with the long
weekend, yet days (and three full reports) later nothing's happened.

is this typical of others' experience with them, or am I just unlucky?

also, is anyone else seeing any incoming from 210.86.70/24? I kinda
wonder if I'm the only one raising the alarms with them, and whether
they've got some boneheaded "one complaint is insufficient to act"
mechanism in effect despite their assurances above.


butting

[1] a small lies-to-children, that: it looks like this MyTob variant
slurps from address books, filters out a bunch of target-poor
domains, then looses fire at the remaining addresses and runs
(first-name) dictionary attacks on domains from that set.

Bryce Utting wrote:
> am I the only one to find Xtra's abuse desk bloody useless?

no.

>>Please be assured Xtra investigates each reported occurrence of
>>virus/worm infected emails.

> this, at least, I'm glad for. I guess.

haha good then, I don't think they do, atleast they don't seem to be
replying to mine to confirm anything.

> is this typical of others' experience with them, or am I just unlucky?

nope, very very typical.

> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
> wonder if I'm the only one raising the alarms with them, and whether
> they've got some boneheaded "one complaint is insufficient to act"
> mechanism in effect despite their assurances above.

I'm raising them, for the moment the filters are just getting IP's added
to them.

Dave - Dave.net.nz wrote:
> Bryce Utting wrote:
>> am I the only one to find Xtra's abuse desk bloody useless?
>
> no.

well, that's encouraging, I guess ;/

>>>Please be assured Xtra investigates each reported occurrence of
>>>virus/worm infected emails.
>
>> this, at least, I'm glad for. I guess.
>
> haha good then, I don't think they do, atleast they don't seem to be
> replying to mine to confirm anything.

time to pay a visit to rfc-ignorant on their behalf, ya reckon?

>> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
>> wonder if I'm the only one raising the alarms with them, and whether
>> they've got some boneheaded "one complaint is insufficient to act"
>> mechanism in effect despite their assurances above.
>
> I'm raising them, for the moment the filters are just getting IP's added
> to them.

I wish. I'm looking at setting up SMTH auth soon, and some of my
roaming users come in from Xtra's netspace from time to time.

dammit.

also, 30 more attempts today from that one IP, but none of 'em to
valid addresses. thank heaven.


butting

In article <d80uff$rea$> in nz.comp on Mon, 6 Jun 2005
07:37:19 +0000 (UTC), Bryce Utting <> says...
> am I the only one to find Xtra's abuse desk bloody useless?
>
> July last year, one of their infected customers was hitting us with
> who-knows-what virus du jour, so I sent them a friendly "Dictionary
> attack from Xtra dialup" msg with some log extracts on the 17th. by
> the 28th, it was still coming in (clearly the same machine, since the
> forged from and to addresses matched and were unique in the logs), so
> I wound up sending them an ALL CAPS followup with more logs.
>
> the noise stopped, finally, and a few days later they tell me:
>
> > Please be assured Xtra investigates each reported occurrence of
> > virus/worm infected emails.
>
> this, at least, I'm glad for. I guess.
>
> on Friday, I find a bunch of MyTob banging at the doors (from a
> Jetstream user this time, possibly even on static IP), so I wrap up
> the logs nicely and pass 'em over. even so, there's more, and more,
> and more, coming in all the time. (a couple even struck lucky with
> their dictionary attacks[1] and winding up in /var/mail).
>
> *sigh*
>
> sent a followup yesterday (more logs), as well as calling the helpdesk
> (oh joy) to get them to raise an internal escalation.
>
> no action.
>
> another ALL CAPS followup today, with the usual autoreply, and the
> usual complete lack of action.
>
> this is sort-it-out-within-24-hours territory, even with the long
> weekend, yet days (and three full reports) later nothing's happened.
>
> is this typical of others' experience with them, or am I just unlucky?
>
> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
> wonder if I'm the only one raising the alarms with them, and whether
> they've got some boneheaded "one complaint is insufficient to act"
> mechanism in effect despite their assurances above.

Xtra are cowboys

I wrote:
>>> am I the only one to find Xtra's abuse desk bloody useless?
>
> dammit.
>
> also, 30 more attempts today from that one IP, but none of 'em to
> valid addresses. thank heaven.

would you believe it?

Xtra Security and Abuse Team <> finally wrote to
me--

: Thank you for the information regarding abuse of our internet
: service. We have investigated the incident based on the information
: supplied and have taken the appropriate action by temporarily
: suspending the infected account until the infection is removed.

.... at 12:41 today. the original report? 3/06/2005 4:13pm.

bloody useless.


butting

On Tue, 7 Jun 2005 01:06:59 +0000 (UTC), Bryce Utting
<> wrote:

>I wrote:
>>>> am I the only one to find Xtra's abuse desk bloody useless?
>>
>> dammit.
>>
>> also, 30 more attempts today from that one IP, but none of 'em to
>> valid addresses. thank heaven.
>
>would you believe it?
>
>Xtra Security and Abuse Team <> finally wrote to
>me--
>
>: Thank you for the information regarding abuse of our internet
>: service. We have investigated the incident based on the information
>: supplied and have taken the appropriate action by temporarily
>: suspending the infected account until the infection is removed.
>
>... at 12:41 today. the original report? 3/06/2005 4:13pm.
>
>bloody useless.
>
>
They read your post here

In article <>,
Bret <> wrote:

>They read your post here

nz.comp = the "Fair Go" of the Internet? Wow.