jump to navigation

Call For Action – Hold Large ISPs Accountable September 20, 2006

Posted by weare1 in commentary, Internet, rant.

dsc01211.JPGI write computer security software. One of my programs detects unauthorized brute-force password attempts via ssh and then firewalls offending IPs, and notifies their upstream provider. Increasingly these attempts are launched from infected computers Windows boxes and not malicious individuals. If I had an infected computer and my upstream provider was notified of this fact, I’d sure want to know about it. The reactions from different upstream providers “abuse” addresses (if they even have one) has been very interesting to say the least.

By far European upstream providers have been the best responders. Asian providers have been the worst. A few select US providers have been good about responding (Speakeasy has been the best). For the most part though most of my notifications go without any response. I wonder how many actually notify their respective users.

This week however I saw a new low. abuse@verizon.net has deferred even accepting my notification to them. It’s been 3 days now that my notification to abuse@verizon.net has dwelt in my mailq. Shame on you Verizon, this is likely a high-speed Internet customer with an infected computer who doesn’t know it. His computer is likely causing widespread abuse of the Internet, even clogging up your bandwidth with his virus’es malicious payloads. I find this unacceptable, negligent, incompetent, and bad for the Internet. Ignoring abuse@verizon.net notification of TOS violations is not what even you claim ‘net neutrality’ is.

To any lawyers reading this, there is a large ‘class’ of ISVs who have a large amount of resources that are being abused by ISPs who cannot manage their obligations in the public interest. To any dead-tree reporters reading this, I could explain the terms and concepts involved in a more layman like terminology if needed.

This type of attack was attempted 172 times this year on this server. I can see profiles of certain groups of co-ordinated or programmatic attack attempts by the usernames they attempt to access. This type of attack attempt is becoming more frequent.

To Verizon.net please get your house in order.

Sep 17 04:59:00 postfix/smtp[23021]: 3B07EC258DF: to=<abuse@verizon.net>, relay=relay.verizon.net[], delay=42, status=deferred (host relay.verizon.net[] said: 450 Requested mail action not taken-Try later:sv22pub.verizon.net (in reply to MAIL FROM command))

Sep 20 17:03:19 postfix/smtp[392]: 3B07EC258DF: to=<abuse@verizon.net>, relay=relay.verizon.net[], delay=302702, status=deferred (host relay.verizon.net[] said: 450 Requested mail action not taken-Try later:sv4pub.verizon.net (in reply to MAIL FROM command))

UPDATE: message hard bounced 2 days later and was never accepted for delivery.

I don’t digg ISPs acting irresponsibly



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: