From: Bill Royds (Bill_RoydsPCH.GC.CA)
Date: Wed Mar 07 2001 - 20:35:23 CST

    Sympatico.ca is the largest Canadian ISP (owned by Bell Telephone) and is the
    main ADSL supplier in Canada so you have a good chance of the sweep coming from
    sympatico if it comes from Canada at all.
    I have good results if you phone their NOC at +1 (800) 565-0567.

    Jose Nazario <joseBIOCSERVER.BIOC.CWRU.EDU> on 03/07/2001 15:33:17

    Please respond to Jose Nazario <joseBIOCSERVER.BIOC.CWRU.EDU>

     To: INCIDENTSSECURITYFOCUS.COM

     cc: (bcc: Bill Royds/HullOttawa/PCH/CA)

     Subject: blackholing t-dialin.net? sympatico.ca?

    well, like many of you, i continue to receive FTP and sometimes telnetd
    sweeps from sympatico.ca and t-dialin.net. so far i haven't had a
    compromise on a machine under my watch (due to access controls) from these
    domains, but the continued scanning gets annoying.

    i'm not one who thinks that service sweeps are worth leaving as
    "background noise", or worth getting all in a huff about.

    i am, however, of the sentiment that both sympatico.ca and t-dialin.net
    have repeatedly shown unneighborly behavior by not addressing, in one form
    or another, continued activities that are typical of preludes to attacks.

    [at worst it's probably some kid with too much time on his hands, and
    should be discouraged from going down the road that leads to breaking the
    law. it's probably a compromised account or machine to blame, though.]

    sympatico.ca is marginally better than t-dialin.net in the following
    respects: i alerted them to some sweeps in early october, 2000, and
    received a reply in january, 2001. and their AUP seems to be as good as
    any AUP can be: http://www1.sympatico.ca/help/About/terms.html ...

    t-dialin.net, however, has been the source of many probes for many of us
    on this list, yet a quick attempt to find their AUP leaves me lacking.
    (was it t-dialin.net who has the 'port scans are ok with us!' AUP?)

    still, this situation continues. is it worth starting to block their
    dialin netblocks?

    frankly, i'd love it, and i think many of you would, as well, if reps from
    t-dialin.net and sympatico.ca spoke up here and addressed these continuing
    issues.

    thanks,

    ____________________________
    jose nazario josecwru.edu
                        PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                               PGP key ID 0xFD37F4E5 (pgp.mit.edu)