Firewall under atack

Discussion in 'Computer Support' started by Gregory P. Stevens, Jan 3, 2004.

  1. I am using the sygate firewall, and every since I got DSL from Alltel, I
    have been under constant attack by someone's computer or something on the
    network that has a worm. Can anyone fix this???
     
    Gregory P. Stevens, Jan 3, 2004
    #1
    1. Advertising

  2. Gregory P. Stevens

    °Mike° Guest

    Turn off the prompts and let your firewall get on with it's
    job. That's what you installed it for. What you are seeing
    is, in all likelihood, normal background net traffic.


    On Sat, 3 Jan 2004 15:08:50 -0500, in
    <ojFJb.104$>
    Gregory P. Stevens scrawled:

    >I am using the sygate firewall, and every since I got DSL from Alltel, I
    >have been under constant attack by someone's computer or something on the
    >network that has a worm. Can anyone fix this???
    >
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jan 3, 2004
    #2
    1. Advertising

  3. Gregory P. Stevens

    Sultan Guest

    Gregory P. Stevens wrote in news:eek:jFJb.104$:

    > I am using the sygate firewall, and every since I got DSL from Alltel,
    > I have been under constant attack by someone's computer or something
    > on the network that has a worm. Can anyone fix this???
    >
    >
    >
    >


    Report the problem to your ISP. Give them the IP address of the attacker,
    be prepared to give them any other information they ask for as well that
    may help them to help you.

    Sultan


    -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
    http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
    -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
     
    Sultan, Jan 3, 2004
    #3
  4. Gregory P. Stevens

    °Mike° Guest

    On 3 Jan 2004 14:27:01 -0600, in
    <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    Sultan scrawled:

    >Gregory P. Stevens wrote in news:eek:jFJb.104$:
    >
    >> I am using the sygate firewall, and every since I got DSL from Alltel,
    >> I have been under constant attack by someone's computer or something
    >> on the network that has a worm. Can anyone fix this???
    >>

    >
    >Report the problem to your ISP. Give them the IP address of the attacker,
    >be prepared to give them any other information they ask for as well that
    >may help them to help you.
    >
    >Sultan


    Reporting network abuse (which I doubt *very* much that this is), should
    be done to the originating ISP. He is wasting his, and his ISPs time if he
    follows your advise -- it will be ignored.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jan 3, 2004
    #4
  5. Gregory P. Stevens

    fkasner Guest

    Gregory P. Stevens wrote:
    > I am using the sygate firewall, and every since I got DSL from Alltel, I
    > have been under constant attack by someone's computer or something on the
    > network that has a worm. Can anyone fix this???
    >
    >
    >


    Are you referring to the fact that the Activity light keeps blinking
    fairly often with your DSL "mode"? If so that is not sign of an attack.
    The server keeps checking the connection to your "modem" regularly. Get
    a firewall that reports the nature of any "attack" and tells you what
    port was being attacked. You can also use a "stealth" setting that makes
    almost all ports invisible to any attacker.
    FK
     
    fkasner, Jan 3, 2004
    #5
  6. On Sat, 3 Jan 2004 15:08:50 -0500, "Gregory P. Stevens"
    <> wrote:

    >I am using the sygate firewall, and every since I got DSL from Alltel, I
    >have been under constant attack by someone's computer or something on the
    >network that has a worm. Can anyone fix this???
    >
    >


    If you're not getting any alerts from Sygate, then I would not sweat
    it. If you are, set the Advanced configurations to block the port or
    ports in which the attacks are trying to enter.
     
    David A. Seiver, Jan 3, 2004
    #6
  7. Gregory P. Stevens

    Sultan Guest

    °Mike° wrote in news::

    > On 3 Jan 2004 14:27:01 -0600, in
    > <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    > Sultan scrawled:
    >
    >>Gregory P. Stevens wrote in
    >>news:eek:jFJb.104$:
    >>
    >>> I am using the sygate firewall, and every since I got DSL from
    >>> Alltel, I have been under constant attack by someone's computer or
    >>> something on the network that has a worm. Can anyone fix this???
    >>>

    >>
    >>Report the problem to your ISP. Give them the IP address of the
    >>attacker, be prepared to give them any other information they ask for
    >>as well that may help them to help you.
    >>
    >>Sultan

    >
    > Reporting network abuse (which I doubt *very* much that this is),
    > should be done to the originating ISP. He is wasting his, and his
    > ISPs time if he follows your advise -- it will be ignored.
    >


    While you doubt *very* much that this is the case do you in fact know it
    isn't with the limited amount of info supplied? Why not err on the side
    of caution and let his ISP decide if it is a waste of time or not? After
    all he is paying them for a service and if in fact he is seeing a very
    high level of attempts then he has a right to be concerned and to report
    it. I very much doubt they are that asinine to just ignore a paying
    customer no matter how lightly they take the inquiry.

    Sultan


    -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
    http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
    -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
     
    Sultan, Jan 3, 2004
    #7
  8. Gregory P. Stevens

    °Mike° Guest

    On 3 Jan 2004 16:05:41 -0600, in
    <Xns9465A3B91C1E3sultanofcyberhotmail@209.25.157.130>
    Sultan scrawled:

    >°Mike° wrote in news::
    >
    >> On 3 Jan 2004 14:27:01 -0600, in
    >> <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >> Sultan scrawled:
    >>
    >>>Gregory P. Stevens wrote in
    >>>news:eek:jFJb.104$:
    >>>
    >>>> I am using the sygate firewall, and every since I got DSL from
    >>>> Alltel, I have been under constant attack by someone's computer or
    >>>> something on the network that has a worm. Can anyone fix this???
    >>>>
    >>>
    >>>Report the problem to your ISP. Give them the IP address of the
    >>>attacker, be prepared to give them any other information they ask for
    >>>as well that may help them to help you.
    >>>
    >>>Sultan

    >>
    >> Reporting network abuse (which I doubt *very* much that this is),
    >> should be done to the originating ISP. He is wasting his, and his
    >> ISPs time if he follows your advise -- it will be ignored.
    >>

    >
    >While you doubt *very* much that this is the case do you in fact know it
    >isn't with the limited amount of info supplied?


    I would put money on it.

    >Why not err on the side of caution and let his ISP decide if it is a waste
    >of time or not?


    It's not his ISPs job to decide whether firewall traffic is a waste
    of time, or not. He would be lucky if they just ignored him.

    >After all he is paying them for a service


    He is not paying them to check his firewall logs.

    > and if in fact he is seeing a very high level of attempts then he has
    >a right to be concerned


    Only if it's genuine net abuse.

    > and to report it.


    Only to the originating ISP.

    > I very much doubt they are that asinine to just ignore a paying
    >customer no matter how lightly they take the inquiry.


    Don't be so naive.


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jan 3, 2004
    #8
  9. Gregory P. Stevens

    Mara Guest

    On 3 Jan 2004 16:05:41 -0600, Sultan wrote:

    >°Mike° wrote in news::
    >
    >> On 3 Jan 2004 14:27:01 -0600, in
    >> <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >> Sultan scrawled:
    >>
    >>>Gregory P. Stevens wrote in
    >>>news:eek:jFJb.104$:
    >>>
    >>>> I am using the sygate firewall, and every since I got DSL from
    >>>> Alltel, I have been under constant attack by someone's computer or
    >>>> something on the network that has a worm. Can anyone fix this???
    >>>>
    >>>
    >>>Report the problem to your ISP. Give them the IP address of the
    >>>attacker, be prepared to give them any other information they ask for
    >>>as well that may help them to help you.
    >>>
    >>>Sultan

    >>
    >> Reporting network abuse (which I doubt *very* much that this is),
    >> should be done to the originating ISP. He is wasting his, and his
    >> ISPs time if he follows your advise -- it will be ignored.
    >>

    >
    >While you doubt *very* much that this is the case do you in fact know it
    >isn't with the limited amount of info supplied? Why not err on the side
    >of caution and let his ISP decide if it is a waste of time or not?


    Because Admins are already overworked and underpaid. These days, with spammers
    running amok, with lusers spreading malware for here to hell and gone, with
    lusers uploading bad scripts, etc., etc., ad nauseum, there are _already_ not
    enough hours in the day.

    > After
    >all he is paying them for a service and if in fact he is seeing a very
    >high level of attempts then he has a right to be concerned and to report
    >it. I very much doubt they are that asinine to just ignore a paying
    >customer no matter how lightly they take the inquiry.


    If he is having a high ( meaning - 400-500+ attempts in a very short period of
    time) level of attempts there is no reason on earth why he can't learn to trace
    IP addresses and find out where they're coming from himself. It's not rocket
    science, after all, and it's an act of consideration on _his_ part. Then, he can
    send the LARTs himself. That, too, isn't exactly rocket science.

    We (tinw) are _busy_ people. If we weren't, you wouldn't be able to connect at
    all. We shouldn't have to waste our time on possibly spurious complaints.
    Something to think about. :)

    --
    "No lusers were harmed in the creation of this usenet article.
    AND I WANT TO KNOW WHY NOT!"
    --glmar04 at twirl.mcc.ac.uk in a.s.r
     
    Mara, Jan 3, 2004
    #9
  10. Gregory P. Stevens

    Sultan Guest

    °Mike° wrote in news::

    > On 3 Jan 2004 16:05:41 -0600, in
    > <Xns9465A3B91C1E3sultanofcyberhotmail@209.25.157.130>
    > Sultan scrawled:
    >
    >>°Mike° wrote in news::
    >>
    >>> On 3 Jan 2004 14:27:01 -0600, in
    >>> <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >>> Sultan scrawled:
    >>>
    >>>>Gregory P. Stevens wrote in
    >>>>news:eek:jFJb.104$:
    >>>>
    >>>>> I am using the sygate firewall, and every since I got DSL from
    >>>>> Alltel, I have been under constant attack by someone's computer
    >>>>> or something on the network that has a worm. Can anyone fix
    >>>>> this???
    >>>>>
    >>>>
    >>>>Report the problem to your ISP. Give them the IP address of the
    >>>>attacker, be prepared to give them any other information they ask
    >>>>for as well that may help them to help you.
    >>>>
    >>>>Sultan
    >>>
    >>> Reporting network abuse (which I doubt *very* much that this is),
    >>> should be done to the originating ISP. He is wasting his, and his
    >>> ISPs time if he follows your advise -- it will be ignored.
    >>>

    >>
    >>While you doubt *very* much that this is the case do you in fact know
    >>it isn't with the limited amount of info supplied?

    >
    > I would put money on it.
    >
    >>Why not err on the side of caution and let his ISP decide if it is a
    >>waste of time or not?

    >
    > It's not his ISPs job to decide whether firewall traffic is a waste
    > of time, or not. He would be lucky if they just ignored him.
    >
    >>After all he is paying them for a service

    >
    > He is not paying them to check his firewall logs.
    >
    >> and if in fact he is seeing a very high level of attempts then he has
    >>a right to be concerned

    >
    > Only if it's genuine net abuse.
    >
    >> and to report it.

    >
    > Only to the originating ISP.
    >
    >> I very much doubt they are that asinine to just ignore a paying
    >>customer no matter how lightly they take the inquiry.

    >
    > Don't be so naive.
    >
    >


    Unlike you I work closely with four ISP's on a frequent basis and they help
    customers with just this kind of thing and again in most cases it is not
    cause for concern but they don't balk at answering.
    Furthermore when it is a cause for concern they can find out the
    originating ISP much easier than the customer who hasn't a clue or would
    you argue that too?
    Also who is the originating ISP going to take more seriously when it is a
    serious problem- one lone guy whom you just blew off without thought or
    another ISP? Think about it. Not too hard though, you seem to be on the
    verge of a meltdown or something.
    Here in the US we are not so smug as to be able to *ignore* customers, we
    call it service. Helps keep people coming back.

    Sultan


    -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
    http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
    -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
     
    Sultan, Jan 3, 2004
    #10
  11. Gregory P. Stevens

    Sultan Guest

    Mara wrote in news::

    > On 3 Jan 2004 16:05:41 -0600, Sultan wrote:
    >
    >>°Mike° wrote in news::
    >>
    >>> On 3 Jan 2004 14:27:01 -0600, in
    >>> <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >>> Sultan scrawled:
    >>>
    >>>>Gregory P. Stevens wrote in
    >>>>news:eek:jFJb.104$:
    >>>>
    >>>>> I am using the sygate firewall, and every since I got DSL from
    >>>>> Alltel, I have been under constant attack by someone's computer
    >>>>> or something on the network that has a worm. Can anyone fix
    >>>>> this???
    >>>>>
    >>>>
    >>>>Report the problem to your ISP. Give them the IP address of the
    >>>>attacker, be prepared to give them any other information they ask
    >>>>for as well that may help them to help you.
    >>>>
    >>>>Sultan
    >>>
    >>> Reporting network abuse (which I doubt *very* much that this is),
    >>> should be done to the originating ISP. He is wasting his, and his
    >>> ISPs time if he follows your advise -- it will be ignored.
    >>>

    >>
    >>While you doubt *very* much that this is the case do you in fact know
    >>it isn't with the limited amount of info supplied? Why not err on the
    >>side of caution and let his ISP decide if it is a waste of time or
    >>not?

    >
    > Because Admins are already overworked and underpaid. These days, with
    > spammers running amok, with lusers spreading malware for here to hell
    > and gone, with lusers uploading bad scripts, etc., etc., ad nauseum,
    > there are _already_ not enough hours in the day.
    >
    >> After
    >>all he is paying them for a service and if in fact he is seeing a very
    >>high level of attempts then he has a right to be concerned and to
    >>report it. I very much doubt they are that asinine to just ignore a
    >>paying customer no matter how lightly they take the inquiry.

    >
    > If he is having a high ( meaning - 400-500+ attempts in a very short
    > period of time) level of attempts there is no reason on earth why he
    > can't learn to trace IP addresses and find out where they're coming
    > from himself. It's not rocket science, after all, and it's an act of
    > consideration on _his_ part. Then, he can send the LARTs himself.
    > That, too, isn't exactly rocket science.
    >
    > We (tinw) are _busy_ people. If we weren't, you wouldn't be able to
    > connect at all. We shouldn't have to waste our time on possibly
    > spurious complaints. Something to think about. :)
    >

    Sigh, Trolls.
    Key word is possibly. You need to find another profession if doing your
    job is that stressful that you can't at least listen to a customers
    inquiry.
    This may come as a shock to you but some of this stuff seems like rocket
    science to the average user. I applaud him for being above the curve and
    having a firewall installed.

    Sultan


    -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
    http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
    -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
     
    Sultan, Jan 3, 2004
    #11
  12. Gregory P. Stevens

    °Mike° Guest

    On 3 Jan 2004 16:25:08 -0600, in
    <Xns9465A704F5962sultanofcyberhotmail@209.25.157.130>
    Sultan scrawled:

    >°Mike° wrote in news::
    >
    >> On 3 Jan 2004 16:05:41 -0600, in
    >> <Xns9465A3B91C1E3sultanofcyberhotmail@209.25.157.130>
    >> Sultan scrawled:
    >>
    >>>°Mike° wrote in news::
    >>>
    >>>> On 3 Jan 2004 14:27:01 -0600, in
    >>>> <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >>>> Sultan scrawled:
    >>>>
    >>>>>Gregory P. Stevens wrote in
    >>>>>news:eek:jFJb.104$:
    >>>>>
    >>>>>> I am using the sygate firewall, and every since I got DSL from
    >>>>>> Alltel, I have been under constant attack by someone's computer
    >>>>>> or something on the network that has a worm. Can anyone fix
    >>>>>> this???
    >>>>>>
    >>>>>
    >>>>>Report the problem to your ISP. Give them the IP address of the
    >>>>>attacker, be prepared to give them any other information they ask
    >>>>>for as well that may help them to help you.
    >>>>>
    >>>>>Sultan
    >>>>
    >>>> Reporting network abuse (which I doubt *very* much that this is),
    >>>> should be done to the originating ISP. He is wasting his, and his
    >>>> ISPs time if he follows your advise -- it will be ignored.
    >>>>
    >>>
    >>>While you doubt *very* much that this is the case do you in fact know
    >>>it isn't with the limited amount of info supplied?

    >>
    >> I would put money on it.
    >>
    >>>Why not err on the side of caution and let his ISP decide if it is a
    >>>waste of time or not?

    >>
    >> It's not his ISPs job to decide whether firewall traffic is a waste
    >> of time, or not. He would be lucky if they just ignored him.
    >>
    >>>After all he is paying them for a service

    >>
    >> He is not paying them to check his firewall logs.
    >>
    >>> and if in fact he is seeing a very high level of attempts then he has
    >>>a right to be concerned

    >>
    >> Only if it's genuine net abuse.
    >>
    >>> and to report it.

    >>
    >> Only to the originating ISP.
    >>
    >>> I very much doubt they are that asinine to just ignore a paying
    >>>customer no matter how lightly they take the inquiry.

    >>
    >> Don't be so naive.
    >>
    >>

    >
    >Unlike you I work closely with four ISP's on a frequent basis


    Unlike me? Where do I work, then?

    > and they help customers with just this kind of thing


    They shouldn't have to.

    > and again in most cases it is not cause for concern but they don't
    > balk at answering.


    No, you're right, in most cases it is not cause for concern, because
    in most cases it's normal background traffic. That's why ISPs
    shouldn't be bombarded with frivolous reports.

    >Furthermore when it is a cause for concern they can find out the
    >originating ISP much easier than the customer who hasn't a clue or would
    >you argue that too?


    The vast majority of ISP abuse departments have autoresponders,
    that tell you quite clearly that net abuse should be reported to the
    originating ISP. They are not concerned, and neither should they
    be, about checking report from people who can't learn to turn the
    warning dialogs off, and use their firewall as it is supposed to be
    used.

    >Also who is the originating ISP going to take more seriously when it is a
    >serious problem- one lone guy whom you just blew off without thought or
    >another ISP?


    Any responsible ISP will take a genuine report seriously, no matter
    *where* it comes from.

    >Think about it. Not too hard though, you seem to be on the
    >verge of a meltdown or something.


    LOL! You seem to be a very confused individual.

    >Here in the US we are not so smug


    Oh, you're plenty smug, alright. And I do mean *you*.

    > as to be able to *ignore* customers, we call it service.
    > Helps keep people coming back.


    Service? I see, so taking every Tom, Dick and Harry's frivolous
    complaint is "service", and doing diddly squat about SPAM
    reports is also "service"? Well, thanks for reminding me.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jan 3, 2004
    #12
  13. Gregory P. Stevens

    Mara Guest

    On 3 Jan 2004 16:39:30 -0600, Sultan wrote:

    <snip>
    >Sigh, Trolls.


    Careful, there. Your ignorance is showing. :)

    >Key word is possibly. You need to find another profession if doing your
    >job is that stressful that you can't at least listen to a customers
    >inquiry.


    An Admin's job is to deal with _ALL_ kinds of abuse, and that _include_ a flood
    of spurious complaints.

    Think I'm alone? Think again:

    http://tinyurl.com/34zov
    http://tinyurl.com/24ohy

    How many more do you think you need?

    Nah, it does appear that if anyone's trolling here, it's you - and your stubborn
    reluctance to face the truth is simple proof of the fact.

    >This may come as a shock to you but some of this stuff seems like rocket
    >science to the average user. I applaud him for being above the curve and
    >having a firewall installed.


    Having a software firewall installed and running is one thing, and a thing that
    will help the average luser. Sending spurious complaints, however, is not, and
    in fact it is abuse and could possibly cost you your account on some hosts.

    "Obviously, though, you don't care about that - you simply want to argue, even
    though it makes you look foolish. Well, I hope you enjoy arguing with yourself.
    :)"


    <snip>

    --
    "No lusers were harmed in the creation of this usenet article.
    AND I WANT TO KNOW WHY NOT!"
    --glmar04 at twirl.mcc.ac.uk in a.s.r
     
    Mara, Jan 3, 2004
    #13
  14. It was on Sat, 03 Jan 2004 16:39:30 -0600, just as I was halfway through a
    large jam doughnut, that Sultan wrote:

    > Mara wrote in news::
    >
    >> On 3 Jan 2004 16:05:41 -0600, Sultan wrote:
    >>
    >>>°Mike° wrote in news::
    >>>
    >>>> On 3 Jan 2004 14:27:01 -0600, in
    >>>> <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >>>> Sultan scrawled:
    >>>>
    >>>>>Gregory P. Stevens wrote in
    >>>>>news:eek:jFJb.104$:
    >>>>>
    >>>>>> I am using the sygate firewall, and every since I got DSL from
    >>>>>> Alltel, I have been under constant attack by someone's computer
    >>>>>> or something on the network that has a worm. Can anyone fix
    >>>>>> this???
    >>>>>>
    >>>>>
    >>>>>Report the problem to your ISP. Give them the IP address of the
    >>>>>attacker, be prepared to give them any other information they ask
    >>>>>for as well that may help them to help you.
    >>>>>
    >>>>>Sultan
    >>>>
    >>>> Reporting network abuse (which I doubt *very* much that this is),
    >>>> should be done to the originating ISP. He is wasting his, and his
    >>>> ISPs time if he follows your advise -- it will be ignored.
    >>>>
    >>>
    >>>While you doubt *very* much that this is the case do you in fact know
    >>>it isn't with the limited amount of info supplied? Why not err on the
    >>>side of caution and let his ISP decide if it is a waste of time or
    >>>not?

    >>
    >> Because Admins are already overworked and underpaid. These days, with
    >> spammers running amok, with lusers spreading malware for here to hell
    >> and gone, with lusers uploading bad scripts, etc., etc., ad nauseum,
    >> there are _already_ not enough hours in the day.
    >>
    >>> After
    >>>all he is paying them for a service and if in fact he is seeing a very
    >>>high level of attempts then he has a right to be concerned and to
    >>>report it. I very much doubt they are that asinine to just ignore a
    >>>paying customer no matter how lightly they take the inquiry.

    >>
    >> If he is having a high ( meaning - 400-500+ attempts in a very short
    >> period of time) level of attempts there is no reason on earth why he
    >> can't learn to trace IP addresses and find out where they're coming
    >> from himself. It's not rocket science, after all, and it's an act of
    >> consideration on _his_ part. Then, he can send the LARTs himself.
    >> That, too, isn't exactly rocket science.
    >>
    >> We (tinw) are _busy_ people. If we weren't, you wouldn't be able to
    >> connect at all. We shouldn't have to waste our time on possibly
    >> spurious complaints. Something to think about. :)
    >>

    > Sigh, Trolls.


    Sigh, Idiots.

    > Key word is possibly. You need to find another profession if doing your
    > job is that stressful that you can't at least listen to a customers
    > inquiry.


    Frivolous ones too?

    > This may come as a shock to you but some of this stuff seems like rocket
    > science to the average user. I applaud him for being above the curve and
    > having a firewall installed.
    >
    > Sultan


    <Stupid sig chopped>

    --
    Registered Linux user: 305646 - http://counter.li.org/
    SuSE Linux Pro 9.0
    No viruses, no defragging,
    NO M$, NO problems!!
     
    William Poaster, Jan 3, 2004
    #14
  15. Sultan spilled my beer when they jumped on the table and proclaimed in
    <Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    > Report the problem to your ISP. Give them the IP address of the attacker,
    > be prepared to give them any other information they ask for as well that
    > may help them to help you.


    That is a waste of time. What he needs to do is ignore the "attacks" (Aka
    background network noise) unless they repeat over and over again from the
    same IP address thruout the day. If that is the case, then he needs to
    forward the logs to the ISP that the IP address resolves to...

    NOI
     
    Thund3rstruc_N0i, Jan 4, 2004
    #15
  16. Sultan spilled my beer when they jumped on the table and proclaimed in
    <Xns9465A974BD503sultanofcyberhotmail@209.25.157.130>
    > Sigh, Trolls.


    WHA??!!!

    /me does a doubletake

    Did he just call Mara a troll?

    Boy is that a mistake.

    > Key word is possibly. You need to find another profession if doing your
    > job is that stressful that you can't at least listen to a customers
    > inquiry.


    I have been in the Customer Service field since 1984. I have been in the
    computer field for 5 years.

    It is not a matter of not listening to a customer. It is a matter of common
    courtesy. You wouldn't go to McDonalds and complain about how shitty a
    service Wendy's has, right? You would go to Wendy's and rip on them.

    Same goes for ISPs. Why go to your ISP when the problem did not come from
    there?

    Also, I have seen a lot of cases where people thought background network
    noise (DNS requests, or mis-routed packets) were attacks. Fact is,
    mis-routed packets and DNS requests (Among other things) occasionally trip
    the warnings. Unless it is a large number of alerts, most ISPs won't even
    bother because they know this as well.


    > This may come as a shock to you but some of this stuff seems like rocket
    > science to the average user. I applaud him for being above the curve and
    > having a firewall installed.


    And I do too. He, however had a question, Mike answered it, and since it
    has been at least 4 hours since asking, it looks like the question was
    answered. The only one with a problem here seems to be you. Why?

    NOI
     
    Thund3rstruc_N0i, Jan 4, 2004
    #16
  17. Gregory P. Stevens

    Mara Guest

    On Sat, 03 Jan 2004 19:27:06 -0500, Thund3rstruc_N0i wrote:

    >Sultan spilled my beer when they jumped on the table and proclaimed in
    ><Xns946592FEFB91Asultanofcyberhotmail@209.25.157.130>
    >> Report the problem to your ISP. Give them the IP address of the attacker,
    >> be prepared to give them any other information they ask for as well that
    >> may help them to help you.

    >
    > That is a waste of time. What he needs to do is ignore the "attacks" (Aka
    >background network noise) unless they repeat over and over again from the
    >same IP address thruout the day. If that is the case, then he needs to
    >forward the logs to the ISP that the IP address resolves to...


    What? Someone actually learning how to do something _before_ they try to do it?
    Or doing something for, $Deity-forbid, themselves? <gasp>

    "That's against Sultan's principles, don'tcha know. Which is why he now resides
    with those who have no principles at all. ;)"

    >
    > NOI


    --
    "No lusers were harmed in the creation of this usenet article.
    AND I WANT TO KNOW WHY NOT!"
    --glmar04 at twirl.mcc.ac.uk in a.s.r
     
    Mara, Jan 4, 2004
    #17
  18. Sultan spilled my beer when they jumped on the table and proclaimed in
    <Xns9465A704F5962sultanofcyberhotmail@209.25.157.130>
    > Unlike you I work closely with four ISP's on a frequent basis and they


    Care to name those four? If so, I will give you a list of who I normally
    deal with.

    > help customers with just this kind of thing and again in most cases it is
    > not cause for concern but they don't balk at answering.


    They do if the complaints are what they consider "Frivolous". Most of the
    big ISPs do not have the finances and manpower to deal with the hundreds of
    thousands of complaints they get daily between all the spam and security
    reports. Honestly, I am suprised that some spammers get nailed at all...
    <G>

    > Furthermore when it is a cause for concern they can find out the
    > originating ISP much easier than the customer who hasn't a clue or would
    > you argue that too?


    I would. combat.uxn.com is all they need. Give me a legitimate IP address
    and in under 2 minutes I can tell you everything about the ISP. Hell, in
    AACF, I have taught several people how to do all this in under 15 minutes.

    > Also who is the originating ISP going to take more seriously when it is a
    > serious problem- one lone guy whom you just blew off without thought or
    > another ISP?


    If Satan himself gave them proof that matches their logs they will believe
    even him.

    >Think about it.


    I have. Five years of thinking about this.

    >Not too hard though, you seem to be on the verge of a meltdown or
    >something.


    Ah. Minor personal attack noted. One sign you are either beginning to lose
    the argument, or are trolling for a fight.

    > Here in the US we are not so smug as to be able to *ignore* customers, we
    > call it service. Helps keep people coming back.


    I am in the US. Don't believe me? Check the IP address or domain name in
    this message's headers at the site I listed above.

    NOI
     
    Thund3rstruc_N0i, Jan 4, 2004
    #18
  19. Gregory P. Stevens

    Mara Guest

    On Sat, 03 Jan 2004 19:41:00 -0500, Thund3rstruc_N0i wrote:

    >Sultan spilled my beer when they jumped on the table and proclaimed in
    ><Xns9465A974BD503sultanofcyberhotmail@209.25.157.130>
    >> Sigh, Trolls.

    >
    >WHA??!!!
    >
    >/me does a doubletake
    >
    >Did he just call Mara a troll?


    He certainly did. That's what troll wannabes do best. :)

    >Boy is that a mistake.


    He's one of those who likes to pop in after long absences and take potshots at
    posters even when he doesn't know what the hell he's talking about, which is
    quite the case here. It makes him look like a fool, but hey, if that's what he
    wants, far be it for me to continue to try to instill clue where none existed
    before (and in all likelihood, never will exist.)

    >
    >> Key word is possibly. You need to find another profession if doing your
    >> job is that stressful that you can't at least listen to a customers
    >> inquiry.

    >
    >I have been in the Customer Service field since 1984. I have been in the
    >computer field for 5 years.
    >
    >It is not a matter of not listening to a customer. It is a matter of common
    >courtesy. You wouldn't go to McDonalds and complain about how shitty a
    >service Wendy's has, right? You would go to Wendy's and rip on them.
    >
    >Same goes for ISPs. Why go to your ISP when the problem did not come from
    >there?


    That would require learning how to track IPs. Sure, it takes a matter of
    minutes, but there are some who are too lazy to do even that.

    One time a couple of years ago, the main servers on the host I was using at the
    time went down for about an hour. I was living in a small town 3 1/2 hours away
    from those servers, but you wouldn't believe how many calls and visits I
    received expecting _me_ to fix them immediately - from 3 1/2 hours away. They
    weren't even _mine,_ fer Chrissakes. I didn't even work for them. But it still
    happened.

    "Sometimes, people are just stupid."

    >
    >Also, I have seen a lot of cases where people thought background network
    >noise (DNS requests, or mis-routed packets) were attacks. Fact is,
    >mis-routed packets and DNS requests (Among other things) occasionally trip
    >the warnings. Unless it is a large number of alerts, most ISPs won't even
    >bother because they know this as well.


    Yes. What if it's your own host, scanning for malware, or open relays, etc.?
    What about P2P programs, etc?

    In the case of a persistent, multiple-lart spurious complainer, I give _one_
    warning. When I'm asked about something and answer, I _do_ expect to be listened
    to by my lusers. If they continue after that, their account is jerked.
    Persistent spurious LARTs such as these can be as large a problem as spam is, at
    times - in fact, when you get right down to it, they _are_ a form of spam. They
    do _nothing_ but waste server bandwidth and space.

    >> This may come as a shock to you but some of this stuff seems like rocket
    >> science to the average user. I applaud him for being above the curve and
    >> having a firewall installed.

    >
    > And I do too. He, however had a question, Mike answered it, and since it
    >has been at least 4 hours since asking, it looks like the question was
    >answered. The only one with a problem here seems to be you. Why?


    Smoke and mirrors, looking for a fight. That's all.

    "Easily dealt with. :)"

    >
    > NOI


    --
    "No lusers were harmed in the creation of this usenet article.
    AND I WANT TO KNOW WHY NOT!"
    --glmar04 at twirl.mcc.ac.uk in a.s.r
     
    Mara, Jan 4, 2004
    #19
  20. Gregory P. Stevens

    Mara Guest

    On Sat, 03 Jan 2004 19:55:18 -0500, Thund3rstruc_N0i wrote:

    <snip>
    >I would. combat.uxn.com is all they need. Give me a legitimate IP address
    >and in under 2 minutes I can tell you everything about the ISP. Hell, in
    >AACF, I have taught several people how to do all this in under 15 minutes.


    Personally I prefer DnsStuff now. I really like Steve, but his site was down so
    much during the DoS attacks that I finally had to give up.

    "Too much to do, too little time to wait."

    >
    >> Also who is the originating ISP going to take more seriously when it is a
    >> serious problem- one lone guy whom you just blew off without thought or
    >> another ISP?

    >
    > If Satan himself gave them proof that matches their logs they will believe
    >even him.


    That's what logs are for - a fact that Sultan conveniently dodged, here.

    >>Think about it.

    >
    > I have. Five years of thinking about this.
    >
    >>Not too hard though, you seem to be on the verge of a meltdown or
    >>something.

    >
    > Ah. Minor personal attack noted. One sign you are either beginning to lose
    >the argument, or are trolling for a fight.


    First the foaming, then the dancing. ;)

    >> Here in the US we are not so smug as to be able to *ignore* customers, we
    >> call it service. Helps keep people coming back.

    >
    > I am in the US. Don't believe me? Check the IP address or domain name in
    >this message's headers at the site I listed above.


    You mean he can't even tell?!?

    Ah, HAHAAAAAAAAAAAAAAAAAHAHAHAHAHAHAHAHAHAHAHA!!

    "That explains a LOT!"

    >
    > NOI


    --
    "No lusers were harmed in the creation of this usenet article.
    AND I WANT TO KNOW WHY NOT!"
    --glmar04 at twirl.mcc.ac.uk in a.s.r
     
    Mara, Jan 4, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil
    Replies:
    1
    Views:
    2,103
    Walter Roberson
    Dec 11, 2004
  2. Evan Platt

    Sygate firewall under XP Pro

    Evan Platt, Sep 17, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    2,272
    puraq
    Nov 2, 2008
  3. K & S
    Replies:
    10
    Views:
    553
    steve
    Jan 19, 2004
  4. Peter Wagner

    A router running under WinXP runs under Windows Vista too?

    Peter Wagner, Jan 30, 2008, in forum: Wireless Networking
    Replies:
    12
    Views:
    936
    Peter Wagner
    Feb 4, 2008
  5. Squiggle
    Replies:
    7
    Views:
    435
    Squiggle
    Apr 27, 2008
Loading...

Share This Page