[Snort-users] Am I the only one pulling my slowly-turning-gray hair out!

Paul Doom elektrosatan at ...659...
Wed Nov 8 13:25:47 EST 2000


On Thu, Nov 09, 2000 at 10:54:46AM -0800, Robert L. Yelvington wrote:
> However, am I the only one who gets the run around when reporting this
> devious activity to ISP's?  .OR. am I doing something wrong?  I know we

You are probably not doing anything wrong. On the incidents at ...35...
mailing list (http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D75)
there is often conversation about reporting to ISPs.  Many ISPs don't really care,
or don't know how to do anything about the problem.  (This often
is the case even if you can prove that one of their client's boxes is
a compromised attack base.)  The smaller the entity you represent (small business
or personal, for instance) the less likely it is that you will get any 
response.

ISPs don't have to do anything, really.  Many don't even tell their
own customers if they find out they are "owned". All you can do is keep
reporting suspect activity to the ISP and the source entity (if possible).
Even if the mail to the source is intercepted by the wrongdoer, maybe they
will at least leave YOU alone. (Then again, what fun is an IDS with no I to
D? ;)

Good luck!

-Paul

-- 
/Paul M. Hirsch              /
/elektrosatan at ...659.../
/GPGPGPkeyID: 0xD11A250E     /


