[Snort-users] Am I the only one pulling my slowly-turning-gra y hair out!

Henry Sieff hsieff at ...519...
Wed Nov 8 15:53:39 EST 2000


I gave up reporting on scans and exploits for things I wasn't
vulnerable to a while ago, not because it was fruitless but because
the share number makes it prohibitive in time-terms, even if you
script it :-).

FWIW, when I did, I _ONLY_ ever bothered to send email; I figured that
an ISP that didn't bother to man its abuse@ and/or hostmaster@ email
box probably wouldn't even step too lively if I called.

In the email, I always included detailed logs, a brief explanation of
them, and a link to additional info. More often than not, I got an
encouraging reply eventually, and on occasion, I think I actually did
some good in explaining to someone why, say, subnet scans on port XXX
were significant.

If they did not respond to this email, I went about my merry business.


@Home is notoriously bad; keep in mind that they are a rather
un-organized collection of various Cable Companies who do the ISP
thing; remember the last time you got new cable service? Or had an
overcharge on your bill?

Well, @home has the same customer service standards, so good luck!!!

(I think of all the ISP's I saw scans from, only @home and some
Turkish outfit ever ignored me completely).

Anyways, you touched a nerve, so I thought I'd vent.

Snortin' away,

Henry Sieff
> -----Original Message-----
> From: Robert L. Yelvington [mailto:rly at ...579...]
> Sent: Thursday, November 09, 2000 12:55 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] Am I the only one pulling my 
> slowly-turning-gray
> hair out!
> 
> 
> I am using the latest 'snort' and it works like a champ!  It is
> everything that I have heard about and MORE!...and no I am 
> not on 'the payroll'...teehee.
> 
> My question is as follows:
> 
> Since I have been monitoring and mediating network traffic on my
> network(s), I have discovered actual break-in attempts, port 
> scans, etc.
> by so-called 'hackers' or 'crackers'.  No sweat.  Most of 
> them are just
> pimply faced 'script kiddies' using outta-the-box software.  
> No real threats.
> 
> However, am I the only one who gets the run around when reporting
this
> devious activity to ISP's?  .OR. am I doing something wrong?  
> I know we
> hate even the mention of it, but are there any laws holding ISPs
> accountable?  Will someone please advise.  And one last thing 
> (I am sure
> that you folks already know), don't try to report an incident to the
> folks at the "@home" network...they'll just transfer you in circles,
> then hang up on you once your estimated wait time has been reached
(no
> offense to any of you @home techies in the audience...I know 
> you're out there!).
> 
> Thanks for the open ports, ladies & gentlemen.
> 
> Respectfully,
> Rob
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 



More information about the Snort-users mailing list