Abuse response times from Xtra

Discussion in 'NZ Computing' started by Bryce Utting, Jun 6, 2005.

  1. Bryce Utting

    Bryce Utting Guest

    am I the only one to find Xtra's abuse desk bloody useless?

    July last year, one of their infected customers was hitting us with
    who-knows-what virus du jour, so I sent them a friendly "Dictionary
    attack from Xtra dialup" msg with some log extracts on the 17th. by
    the 28th, it was still coming in (clearly the same machine, since the
    forged from and to addresses matched and were unique in the logs), so
    I wound up sending them an ALL CAPS followup with more logs.

    the noise stopped, finally, and a few days later they tell me:

    > Please be assured Xtra investigates each reported occurrence of
    > virus/worm infected emails.


    this, at least, I'm glad for. I guess.

    on Friday, I find a bunch of MyTob banging at the doors (from a
    Jetstream user this time, possibly even on static IP), so I wrap up
    the logs nicely and pass 'em over. even so, there's more, and more,
    and more, coming in all the time. (a couple even struck lucky with
    their dictionary attacks[1] and winding up in /var/mail).

    *sigh*

    sent a followup yesterday (more logs), as well as calling the helpdesk
    (oh joy) to get them to raise an internal escalation.

    no action.

    another ALL CAPS followup today, with the usual autoreply, and the
    usual complete lack of action.

    this is sort-it-out-within-24-hours territory, even with the long
    weekend, yet days (and three full reports) later nothing's happened.

    is this typical of others' experience with them, or am I just unlucky?

    also, is anyone else seeing any incoming from 210.86.70/24? I kinda
    wonder if I'm the only one raising the alarms with them, and whether
    they've got some boneheaded "one complaint is insufficient to act"
    mechanism in effect despite their assurances above.


    butting

    [1] a small lies-to-children, that: it looks like this MyTob variant
    slurps from address books, filters out a bunch of target-poor
    domains, then looses fire at the remaining addresses and runs
    (first-name) dictionary attacks on domains from that set.
     
    Bryce Utting, Jun 6, 2005
    #1
    1. Advertising

  2. Bryce Utting wrote:
    > am I the only one to find Xtra's abuse desk bloody useless?


    no.

    >>Please be assured Xtra investigates each reported occurrence of
    >>virus/worm infected emails.


    > this, at least, I'm glad for. I guess.


    haha good then, I don't think they do, atleast they don't seem to be
    replying to mine to confirm anything.

    > is this typical of others' experience with them, or am I just unlucky?


    nope, very very typical.

    > also, is anyone else seeing any incoming from 210.86.70/24? I kinda
    > wonder if I'm the only one raising the alarms with them, and whether
    > they've got some boneheaded "one complaint is insufficient to act"
    > mechanism in effect despite their assurances above.


    I'm raising them, for the moment the filters are just getting IP's added
    to them.
     
    Dave - Dave.net.nz, Jun 6, 2005
    #2
    1. Advertising

  3. Bryce Utting

    Bryce Utting Guest

    Dave - Dave.net.nz wrote:
    > Bryce Utting wrote:
    >> am I the only one to find Xtra's abuse desk bloody useless?

    >
    > no.


    well, that's encouraging, I guess ;/

    >>>Please be assured Xtra investigates each reported occurrence of
    >>>virus/worm infected emails.

    >
    >> this, at least, I'm glad for. I guess.

    >
    > haha good then, I don't think they do, atleast they don't seem to be
    > replying to mine to confirm anything.


    time to pay a visit to rfc-ignorant on their behalf, ya reckon?

    >> also, is anyone else seeing any incoming from 210.86.70/24? I kinda
    >> wonder if I'm the only one raising the alarms with them, and whether
    >> they've got some boneheaded "one complaint is insufficient to act"
    >> mechanism in effect despite their assurances above.

    >
    > I'm raising them, for the moment the filters are just getting IP's added
    > to them.


    I wish. I'm looking at setting up SMTH auth soon, and some of my
    roaming users come in from Xtra's netspace from time to time.

    dammit.

    also, 30 more attempts today from that one IP, but none of 'em to
    valid addresses. thank heaven.


    butting
     
    Bryce Utting, Jun 7, 2005
    #3
  4. Bryce Utting

    Rob J Guest

    In article <d80uff$rea$> in nz.comp on Mon, 6 Jun 2005
    07:37:19 +0000 (UTC), Bryce Utting <> says...
    > am I the only one to find Xtra's abuse desk bloody useless?
    >
    > July last year, one of their infected customers was hitting us with
    > who-knows-what virus du jour, so I sent them a friendly "Dictionary
    > attack from Xtra dialup" msg with some log extracts on the 17th. by
    > the 28th, it was still coming in (clearly the same machine, since the
    > forged from and to addresses matched and were unique in the logs), so
    > I wound up sending them an ALL CAPS followup with more logs.
    >
    > the noise stopped, finally, and a few days later they tell me:
    >
    > > Please be assured Xtra investigates each reported occurrence of
    > > virus/worm infected emails.

    >
    > this, at least, I'm glad for. I guess.
    >
    > on Friday, I find a bunch of MyTob banging at the doors (from a
    > Jetstream user this time, possibly even on static IP), so I wrap up
    > the logs nicely and pass 'em over. even so, there's more, and more,
    > and more, coming in all the time. (a couple even struck lucky with
    > their dictionary attacks[1] and winding up in /var/mail).
    >
    > *sigh*
    >
    > sent a followup yesterday (more logs), as well as calling the helpdesk
    > (oh joy) to get them to raise an internal escalation.
    >
    > no action.
    >
    > another ALL CAPS followup today, with the usual autoreply, and the
    > usual complete lack of action.
    >
    > this is sort-it-out-within-24-hours territory, even with the long
    > weekend, yet days (and three full reports) later nothing's happened.
    >
    > is this typical of others' experience with them, or am I just unlucky?
    >
    > also, is anyone else seeing any incoming from 210.86.70/24? I kinda
    > wonder if I'm the only one raising the alarms with them, and whether
    > they've got some boneheaded "one complaint is insufficient to act"
    > mechanism in effect despite their assurances above.


    Xtra are cowboys
     
    Rob J, Jun 7, 2005
    #4
  5. Bryce Utting

    Bryce Utting Guest

    I wrote:
    >>> am I the only one to find Xtra's abuse desk bloody useless?

    >
    > dammit.
    >
    > also, 30 more attempts today from that one IP, but none of 'em to
    > valid addresses. thank heaven.


    would you believe it?

    Xtra Security and Abuse Team <> finally wrote to
    me--

    : Thank you for the information regarding abuse of our internet
    : service. We have investigated the incident based on the information
    : supplied and have taken the appropriate action by temporarily
    : suspending the infected account until the infection is removed.

    .... at 12:41 today. the original report? 3/06/2005 4:13pm.

    bloody useless.


    butting
     
    Bryce Utting, Jun 7, 2005
    #5
  6. Bryce Utting

    Bret Guest

    On Tue, 7 Jun 2005 01:06:59 +0000 (UTC), Bryce Utting
    <> wrote:

    >I wrote:
    >>>> am I the only one to find Xtra's abuse desk bloody useless?

    >>
    >> dammit.
    >>
    >> also, 30 more attempts today from that one IP, but none of 'em to
    >> valid addresses. thank heaven.

    >
    >would you believe it?
    >
    >Xtra Security and Abuse Team <> finally wrote to
    >me--
    >
    >: Thank you for the information regarding abuse of our internet
    >: service. We have investigated the incident based on the information
    >: supplied and have taken the appropriate action by temporarily
    >: suspending the infected account until the infection is removed.
    >
    >... at 12:41 today. the original report? 3/06/2005 4:13pm.
    >
    >bloody useless.
    >
    >

    They read your post here :)
     
    Bret, Jun 7, 2005
    #6
  7. In article <>,
    Bret <> wrote:

    >They read your post here :)


    nz.comp = the "Fair Go" of the Internet? Wow. :)
     
    Lawrence D'Oliveiro, Jun 7, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Memnoch
    Replies:
    6
    Views:
    1,733
    vishnuasok
    Nov 16, 2011
  2. Replies:
    6
    Views:
    9,276
    Vincent C Jones
    Jan 24, 2006
  3. Mara

    Fighting abuse with abuse

    Mara, Mar 21, 2005, in forum: Computer Support
    Replies:
    70
    Views:
    1,734
  4. Peter =?UTF-8?B?S8O2aGxtYW5u?=

    Re: Fighting abuse with abuse

    Peter =?UTF-8?B?S8O2aGxtYW5u?=, Mar 22, 2005, in forum: Computer Information
    Replies:
    0
    Views:
    477
    Peter =?UTF-8?B?S8O2aGxtYW5u?=
    Mar 22, 2005
  5. Dr Wankfest

    Abuse of the Net/Abuse on the Net

    Dr Wankfest, Jul 14, 2006, in forum: Computer Support
    Replies:
    14
    Views:
    670
    Plato
    Jul 19, 2006
Loading...

Share This Page