[46307] in North American Network Operators' Group
RE: PacBell Security/Abuse contact
daemon@ATHENA.MIT.EDU (Cheung, Rick)
Mon Mar 25 15:06:53 2002
Message-ID: <5B2BB95CB505D5119D480002A534919501056430@mnmtkex3.nextelpartners.com>
From: "Cheung, Rick" <Rick.Cheung@NextelPartners.com>
To: nanog@merit.edu
Date: Mon, 25 Mar 2002 14:12:02 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C1D439.53EADD90"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C1D439.53EADD90
Content-Type: text/plain;
charset="iso-8859-1"
Does anyone have an opinion on a decent ISP out there that's proven
to work with the customer during a DDOS storm?
Rick Cheung
-----Original Message-----
From: Jeremy T. Bouse [mailto:Jeremy.Bouse@undergrid.net]
Sent: Monday, March 25, 2002 2:46 PM
To: nanog@merit.edu
Subject: Re: PacBell Security/Abuse contact
More specifically I belive this is a Distributed Reflection DoS
like what hit GRC.COM back on Jan 11th... Basically a flood of SYN
packets to well known ports from IPs which appear to be spoofed. I've
actually been riding it out now for over 2 weeks...
The tech support is completely inept and trying to contact
security/abuse is pointless. Final realization of this was when I was
investigating another PacBell customers box which had been compromised
via another PacBell customer machine. After the forensics to get back
logs and track the intrusion I tried contacting PacBell to no avail and
then resulting it tryin to get in contact with their customer directly.
Which I managed to do and resolve the issue... I've never dealt with
such an inept company before.
Jeremy
On Mon, Mar 25, 2002 at 11:18:23AM -0800, Daniel M. Spielman wrote:
>
> At 11:11 PM 3/24/2002 -0800, you wrote:
>
> > Anyone have a telephone number that can reach a live person
> >within Pacific Bell's Security/Abuse department? PacBell's technical
> >support is completely inept with trying to help their customers when
> >under any form of network attack other than passing you to a toll-free
> >number which informs you to send email to an address that goes without
> >answer.
> >
> > Respectfully,
> > Jeremy T. Bouse
> > UnderGrid Network Services
> I've had a similar experience with their tech team. I was being
> dos'd from a college in Chicago so I contacted them to have it filtered
out
> and they had no idea what I meant. They suggested I email the Admin at the
> college to get it resolved. I started screaming at them how am i going to
> email someone when I am being attacked. Then they transferred me to their
> supervisor who was even more inept then they were. Frankly i gave up and
> just waited out the dos attack which lasted 2 1/2 days.
>
------_=_NextPart_001_01C1D439.53EADD90
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: PacBell Security/Abuse contact</TITLE>
</HEAD>
<BODY>
<P> <FONT SIZE=3D2>Does =
anyone have an opinion on a decent ISP out there that's proven to work =
with the customer during a DDOS storm?</FONT></P>
<BR>
<P><FONT SIZE=3D2>Rick Cheung</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Jeremy T. Bouse [<A =
HREF=3D"mailto:Jeremy.Bouse@undergrid.net">mailto:Jeremy.Bouse@undergrid=
.net</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Monday, March 25, 2002 2:46 PM</FONT>
<BR><FONT SIZE=3D2>To: nanog@merit.edu</FONT>
<BR><FONT SIZE=3D2>Subject: Re: PacBell Security/Abuse contact</FONT>
</P>
<BR>
<BR>
<P> <FONT SIZE=3D2>More =
specifically I belive this is a Distributed Reflection DoS</FONT>
<BR><FONT SIZE=3D2>like what hit GRC.COM back on Jan 11th... Basically =
a flood of SYN</FONT>
<BR><FONT SIZE=3D2>packets to well known ports from IPs which appear to =
be spoofed. I've</FONT>
<BR><FONT SIZE=3D2>actually been riding it out now for over 2 =
weeks...</FONT>
</P>
<P> <FONT SIZE=3D2>The tech =
support is completely inept and trying to contact</FONT>
<BR><FONT SIZE=3D2>security/abuse is pointless. Final realization of =
this was when I was</FONT>
<BR><FONT SIZE=3D2>investigating another PacBell customers box which =
had been compromised</FONT>
<BR><FONT SIZE=3D2>via another PacBell customer machine. After the =
forensics to get back</FONT>
<BR><FONT SIZE=3D2>logs and track the intrusion I tried contacting =
PacBell to no avail and</FONT>
<BR><FONT SIZE=3D2>then resulting it tryin to get in contact with their =
customer directly.</FONT>
<BR><FONT SIZE=3D2>Which I managed to do and resolve the issue... I've =
never dealt with</FONT>
<BR><FONT SIZE=3D2>such an inept company before.</FONT>
</P>
<P> <FONT =
SIZE=3D2>Jeremy</FONT>
</P>
<P><FONT SIZE=3D2>On Mon, Mar 25, 2002 at 11:18:23AM -0800, Daniel M. =
Spielman wrote:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> At 11:11 PM 3/24/2002 -0800, you wrote:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > =
Anyone have a telephone number that can reach a live person</FONT>
<BR><FONT SIZE=3D2>> >within Pacific Bell's Security/Abuse =
department? PacBell's technical</FONT>
<BR><FONT SIZE=3D2>> >support is completely inept with trying to =
help their customers when</FONT>
<BR><FONT SIZE=3D2>> >under any form of network attack other than =
passing you to a toll-free</FONT>
<BR><FONT SIZE=3D2>> >number which informs you to send email to =
an address that goes without</FONT>
<BR><FONT SIZE=3D2>> >answer.</FONT>
<BR><FONT SIZE=3D2>> ></FONT>
<BR><FONT SIZE=3D2>> > =
Respectfully,</FONT>
<BR><FONT SIZE=3D2>> > =
Jeremy T. Bouse</FONT>
<BR><FONT SIZE=3D2>> > =
UnderGrid Network Services</FONT>
<BR><FONT SIZE=3D2>> =
I've had a similar experience with their tech team. I was being </FONT>
<BR><FONT SIZE=3D2>> dos'd from a college in Chicago so I contacted =
them to have it filtered out </FONT>
<BR><FONT SIZE=3D2>> and they had no idea what I meant. They =
suggested I email the Admin at the </FONT>
<BR><FONT SIZE=3D2>> college to get it resolved. I started screaming =
at them how am i going to </FONT>
<BR><FONT SIZE=3D2>> email someone when I am being attacked. =
Then they transferred me to their </FONT>
<BR><FONT SIZE=3D2>> supervisor who was even more inept then they =
were. Frankly i gave up and </FONT>
<BR><FONT SIZE=3D2>> just waited out the dos attack which lasted 2 =
1/2 days. </FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C1D439.53EADD90--
