OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: RE: [Snort-users] Am I the only one pulling my slowly-turning-gra y hair out!
From: Henry Sieff (hsiefforthodon.com)
Date: Wed Nov 08 2000 - 14:53:39 CST

I gave up reporting on scans and exploits for things I wasn't
vulnerable to a while ago, not because it was fruitless but because
the share number makes it prohibitive in time-terms, even if you
script it :-).

FWIW, when I did, I _ONLY_ ever bothered to send email; I figured that
an ISP that didn't bother to man its abuse and/or hostmaster email
box probably wouldn't even step too lively if I called.

In the email, I always included detailed logs, a brief explanation of
them, and a link to additional info. More often than not, I got an
encouraging reply eventually, and on occasion, I think I actually did
some good in explaining to someone why, say, subnet scans on port XXX
were significant.

If they did not respond to this email, I went about my merry business.

Home is notoriously bad; keep in mind that they are a rather
un-organized collection of various Cable Companies who do the ISP
thing; remember the last time you got new cable service? Or had an
overcharge on your bill?

Well, home has the same customer service standards, so good luck!!!

(I think of all the ISP's I saw scans from, only home and some
Turkish outfit ever ignored me completely).

Anyways, you touched a nerve, so I thought I'd vent.

Snortin' away,

Henry Sieff
> -----Original Message-----
> From: Robert L. Yelvington [mailto:rlysciresearch.com]
> Sent: Thursday, November 09, 2000 12:55 PM
> To: 'snort-userslists.sourceforge.net'
> Subject: [Snort-users] Am I the only one pulling my
> slowly-turning-gray
> hair out!
>
>
> I am using the latest 'snort' and it works like a champ! It is
> everything that I have heard about and MORE!...and no I am
> not on 'the payroll'...teehee.
>
> My question is as follows:
>
> Since I have been monitoring and mediating network traffic on my
> network(s), I have discovered actual break-in attempts, port
> scans, etc.
> by so-called 'hackers' or 'crackers'. No sweat. Most of
> them are just
> pimply faced 'script kiddies' using outta-the-box software.
> No real threats.
>
> However, am I the only one who gets the run around when reporting
this
> devious activity to ISP's? .OR. am I doing something wrong?
> I know we
> hate even the mention of it, but are there any laws holding ISPs
> accountable? Will someone please advise. And one last thing
> (I am sure
> that you folks already know), don't try to report an incident to the
> folks at the "home" network...they'll just transfer you in circles,
> then hang up on you once your estimated wait time has been reached
(no
> offense to any of you home techies in the audience...I know
> you're out there!).
>
> Thanks for the open ports, ladies & gentlemen.
>
> Respectfully,
> Rob
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
>
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users