Time to start scripting
Paul Boven
the piece of software[1] that apparently spawned this particular piece
of software[2] but installing it and getting it to run still was, well
interesting. Sometimes (but not always) when you change a rule from
"Deny, log details" to "Deny, no logging", that rule will actually not
only still log, but it will log that it now passes packets, completely
contrary to the 'no logging' directive, let alone the "Deny" entry.
Fun, isn't it? Just what we want from a firewall, that it sort of
randomly interprets the ruleset. Reboots do bring the stated behaviour
in the ruleset and that showing in the logfile in sync again, but doing
that makes me feel rather dirty in a Richmond kind of way. And please
don't get me started on their Java administration interface. Which has
an offest of 2:30 in it's logging, and the files needed to fix that
according to the online docs are, of course, 404s.
Which is all of course just an interlude, a preparation to the real fun.
Which is: portscans. I run a unix boxen at home, always have, and apart
from being abused as a mailrelay for a weekend, things were uneventfull.
They still are, but now I can see the unbelievable amount of portscans,
probes and other attempts at mischief that get sent to my machine.
I am actually starting to wonder what you'd find analying the traffic
running into, and out of, a decent sized provider. What percentage
would be, say, UCE or spam, in email and news traffic? And how much of
the traffic would be portscans? Pingfloods? (D)DOS? Trojans checking
in with their maker, internet worms, infections in word-macro-files
being sent across? I once heard that spam + it's cancel- messages now
make up more than 50% of usenet-traffic. So it is not hard to imagine
such being the case with all the internet traffic. A depressing thought.
If only we had never allowed the lusers to get online in the first
place...
And it seems that the majority of of abuse-desks don't give a damn
about what their customers are up to. And most other institutions don't
care either. But I am not just going to ignore the problem.
I've decided the internet can stand a bit more bandwidth-wastage yet.
I've almost finished a sript that parses my firewall-logs, tries to
identify the domain- or netblock, and sends off mail to abuse or some
other entry. With as little human intervention as possible. This way, I
won't have to get upset about not getting replies. But it still feels
good to be automating the business of distributing larts. They might
not be very powerfull larts, or very effective ones, but I'm estimating
I could send out about 10 a day. Which makes it a few thousand a year:
strength in numbers. Any advice on how to make these boilerplate larts
most effective is welcome, by the way.
[1] I am using the word software here in the most derogatory sense, as if
having the neccesary swear-words already included in itself.
Sorry, too tired to build myself up to a real rant. And I think
most posters here will add such words automatically anyway.
[2] Won't get a tan with this. But see also [1].
--
------------------------------------------------------
| "Ehhh.. the young lady with the uzi, is she still |
| single?" - from Sneakers, only good hacker-movie. |
------------------------------------------------------
| Paul Boven, <p.b...@chello.nl> PE1NUT QRV 145.575 |
------------------------------------------------------
~
Tanuki the Raccoon-dog
<f...@thingy.apana.org.au> said
>On 15 Jul 2001 01:51:40 GMT,
>Paul Boven <pa...@node174f9.a2000.nl> wrote:
>:And it seems that the majority of of abuse-desks don't give a damn
>:about what their customers are up to.
>
>accounts off and keeping the money. This requires multiple reports, of
>course.
I'm so glad that there is *someone* out there who views the
"abuse" function as a profit-centre. Now if we can only get
this idea established in the mindset of a few major ISPs
worldwide...
--
!Raised Tails! -:Tanuki:-
"We're born with a number of powerful instincts, which are found across all
cultures. Chief amongst these are a dislike of snakes, a fear of falling,
and a hatred of popup windows" --Vlatko Juric-Kokic
Mike Andrews
: In <200107...@xenu.thingy.apana.org.au>, Red Drag Diva
: <f...@thingy.apana.org.au> said
:>On 15 Jul 2001 01:51:40 GMT,
:>Paul Boven <pa...@node174f9.a2000.nl> wrote:
:>:And it seems that the majority of of abuse-desks don't give a damn
:>:about what their customers are up to.
:>
:>In the abovementioned case, abuse@ turns a profit from switching abusers'
:>accounts off and keeping the money. This requires multiple reports, of
:>course.
: I'm so glad that there is *someone* out there who views the
: "abuse" function as a profit-centre. Now if we can only get
: this idea established in the mindset of a few major ISPs
: worldwide...
At least one Tier-1 has a $1K charge per valid UBE/UCE incident,
and IIRC they use it.[1]
[1] Nobody would give me details on how much money they
billed the spammer for, but AIUI the spammer's net.
gear was being held for ransom.
--
Thin, wizened adviser behind the throne to His Majesty Tom Betz,
Tsar for Good Internet Practices, NANAE.
(TintwabtttHMTBTfGIPNANAE)
Paul Brown
> Tanuki the Raccoon-dog <Tanuki@canis-^hmajor.da^hemon.co.uk> wrote:
> : In <200107...@xenu.thingy.apana.org.au>, Red Drag Diva
> : <f...@thingy.apana.org.au> said
> :>On 15 Jul 2001 01:51:40 GMT,
> :>Paul Boven <pa...@node174f9.a2000.nl> wrote:
> :>:And it seems that the majority of of abuse-desks don't give a damn
> :>:about what their customers are up to.
> :>
> :>In the abovementioned case, abuse@ turns a profit from switching abusers'
> :>accounts off and keeping the money. This requires multiple reports, of
> :>course.
> : I'm so glad that there is *someone* out there who views the
> : "abuse" function as a profit-centre. Now if we can only get
> : this idea established in the mindset of a few major ISPs
> : worldwide...
> At least one Tier-1 has a $1K charge per valid UBE/UCE incident,
> and IIRC they use it.[1]
Oooh ooh - name names - I have some idiot customers who need to use
this lot as ISPs.
Paul
Not a UI Request - I am going to use this for pure recovery
--
Being a geek is a state of mind
Being paid to be a geek is a state of utopia
- p...@geekstuff.co.uk
Suresh Ramasubramanian
> [1] Nobody would give me details on how much money they
> billed the spammer for, but AIUI the spammer's net.
> gear was being held for ransom.
-suresh
Jay R. Ashworth
to Hawkeye and me and said:
> [1] Nobody would give me details on how much money they
> billed the spammer for, but AIUI the spammer's net.
> gear was being held for ransom.
C'mon' NetGear stuff is cheap; hold the 7500.
Cheers,
-- jra
--
Jay R. Ashworth j...@baylink.com
Member of the Technical Staff Baylink
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015
OS X: Because making Unix user-friendly was easier than debugging Windows
-- Simon Slavin, on a.f.c (apologies for the delay in attribution)
Mike Andrews
: *Right* in the middle of the appendectomy, Mike Andrews turned
: to Hawkeye and me and said:
:> [1] Nobody would give me details on how much money they
:> billed the spammer for, but AIUI the spammer's net.
:> gear was being held for ransom.
: C'mon' NetGear stuff is cheap; hold the 7500.
Erm ... net.gear != NetGear.
net.gear == {Cisco 7000, big Sun swervers, other interesting and
expensive stuff}
If they'd been using NetGear HW, how much of a threat to the Net
could they have been? And don't you think that any decent co-lo
would have found its staff ROFL and holding their sides? I do.
--
"AOL would be a giant diesel-smoking bus with hundreds of ebola victims on
board throwing dead wombats and rotten cabbage at the other cars"
- a.s.r throws the Information Superhighway metaphor into reverse.
Shmuel (Seymour J.) Metz
In <slrn9l3en6...@blackehlo.cluestick.org>, on 07/15/2001
at 03:38 PM, dev...@hserus.net (Suresh Ramasubramanian) said:
>Nzrevgrpu has (or is it _had_?) a cleanup fee of $2500 per incident,
>IIRC.
Does this mean that they've cleaned up their act?
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Reply to domain acm dot org user shmuel to contact me.
"He was born with a gift of laughter,
and a sense that the world was mad."
Steve Sobol
>>Nzrevgrpu has (or is it _had_?) a cleanup fee of $2500 per incident,
>>IIRC.
>
>Does this mean that they've cleaned up their act?
They were the first to charge cleanup fees, IIRC. But they were much better,
and much more responsive to customers, before the merger with
$BIG_PHONE_COMPANY_THAT_DOESN'T_GIVE_A_FLYING_FUCK_ABOUT_SERVING_
THEIR_CUSTOMERS.
This applies to both the dot-com (the telco side) and the dot-net (the ISP).
Those of you in .us know which company I speak of, I'm sure.
**SJS (speaking from years of experience dealing with Nzrevgpu both pre-
and post-merger)
--
JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjs...@JustThe.net
Donate a portion of your monthly ISP bill to your favorite charity or
non-profit organization! E-mail me for details.
Shmuel (Seymour J.) Metz
In <slrn9l4eul....@amethyst.nstc.com>, on 07/16/2001
at 12:56 AM, sjs...@NorthShoreTechnologies.net (Steve Sobol) said:
>They were the first to charge cleanup fees, IIRC. But they were much
>better, and much more responsive to customers, before the merger with
>$BIG_PHONE_COMPANY_THAT_DOESN'T_GIVE_A_FLYING_FUCK_ABOUT_SERVING_
>THEIR_CUSTOMERS.
Living where I do, that description sounds more like Irevmba[1], but
I suppose that where you are Nzrevgrpu would be the one to come to
mind.
[1] Merger of Uryy Ngynagvp and TGR.
Jeff Mcadams
>$BIG_PHONE_COMPANY_THAT_DOESN'T_GIVE_A_FLYING_FUCK_ABOUT_SERVING_
>THEIR_CUSTOMERS.
Sorry, but that's redundant.
>Those of you in .us know which company I speak of, I'm sure.
Could be any of 4.
--
Jeff McAdams Email: je...@iglou.com
Head Network Administrator Voice: (502) 966-3848
IgLou Internet Services (800) 436-4456
Garrett Wollman
Jeff Mcadams <je...@team.iglou.com> wrote:
>>Those of you in .us know which company I speak of, I'm sure.
>
>Could be any of 4.
s/4/6/g
(Unless you were of the impression that Fcevag/Havgrq and Pvgvmraf
cared any more about pleasing their customers than VZ, BLS, Q, and SBC
do -- which people I know would care to contest.)
-GAWollman
--
Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same
wol...@lcs.mit.edu | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick
Dan Holdsworth
<p...@read.the.sig.coz.this.address.is.invalid>
was popularly supposed to have said:
[...]
>> At least one Tier-1 has a $1K charge per valid UBE/UCE incident,
>> and IIRC they use it.[1]
>
>Oooh ooh - name names - I have some idiot customers who need to use
>this lot as ISPs.
I could've done with something like this at my former place of Ork;
as "Bloke who has a script wot can track down lusers" [1] I got to
sort out some of the many and varied skript [2] kiddies.
Unfortunately, I worked for a place which was slowly proving that the
"Free ISP wot parasitizes a share of the phonebill" is not, and will
not be a going concern. They've still there, which perhaps shows that
mindless stupidity, non-existant staff management skills and incredibly
crap wages is a formula which keeps the company lurching zombie-like
onwards.
That and the fact that they were (and probably still are) part of an
on-going tax scam [4] for a larger parent company, a certain purveyor
of crap PCs to the unclued.
So, apart from trying (as permanently as possible) to kick off lusers
and prevent them re-establishing contact, they had no way to hold the
little bastards to ransom, and cared not for the option of sueing
lusers. Which was a pity, really...
[1] Bastard radius log searcher, with bells'n'whistles. Effective in
locating lusers based on IP. Reproduction of same, in scripting
language of choice, is left as an exercise for the student...
[2] Very kiddie-like, too. They tended to work on the basis of "Do
something stupid and log off quick before the Big Bad BOFH [3]
comes sniffing round with the LART. Utterly ineffective with NTP,
but rather amusing...
[3] A certain middle-manager. Brains of a retarded flea, diplomatic
skills of Ghengis Khan, and very definitely not a man to argue
with. A perfect "fire and forget" LART.
[4] Nothing illegal, of that I am certain. Reason is, the company has
pissed off so many ex-employees over the years that if anyone
actually had evidence of any wrongdoing, they'd have told the
Inland Revenue ages ago to exact revenge. It is _that_ [5] sort
of company.
[5] And it may soon be listed on the pages of the infamous
http://www.fuckedcompany.com/
--
Dan Holdsworth PhD da...@supanet.com
By caffeine alone I set my mind in motion, By the beans of Java
do thoughts acquire speed, hands acquire shaking, the shaking
becomes a warning, By caffeine alone do I set my mind in motion