Re: Dumb ISP of the week

[Wozz <wozz+incidents () WOOKIE NET>]

I'm curious why you even sent this to Pac Bell.  If I understand correctly, you
are a Pac Bell customer, and the person attacking you is on SAVVIS.  This is
probably a form letter to let you know that you should be contacting SAVVIS.
Other than a poorly designed form letter, I'm not sure whats so dumb about this.

As an abuse@ reader I'm curious as to people's motivation behind letting their
own ISP's know about attacks originating from remote ISP's.  ISP abuse teams
barely have enough time to police their own users, why would you think they would
have time to police other ISP's users?

Did you even send a copy of this complaint to SAVVIS?

Don't get me wrong, this email is not meant to imply that SBC is not full of
idiots, I'm just curious abotu this particular incident.

On Mon, Aug 21, 2000 at 11:14:20AM -0700, John Pettitt wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This weeks prize goes to Shawna at  PacBell (aka SBC) - see below
>
> > Date: Mon, 21 Aug 2000 04:21:38 -0700 (PDT)
> > From: support_replies () pacbell net
> > Subject: Re : Security issue
> > To: jpp () cloudview com
> >
> >
> > Hello User jpp () cloudview com,
> > I have received your email regarding your security issue.
> > E-mail the postmaster from where the e-mail came. For instance,
> > if the mail came from userID () someisp net, forward it and a complaint
> > to postmaster () someisp net. This should resolve your issue.
> > Thank you for choosing SBC Internet Services.
> > Regards,
> > Shawna
> > Technical Analyst
> > SBC Internet Services
> > Try our online help at http://support.pacbell.net
> > Remember its quick, hassle free, and is always available!
> > ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
> > You Wrote :
> > We detected the following security related activity from your network.
> > > To: root () cloudview com
> > > Subject: gatekeeper 08/19/00:04.59 system check
> > > Date: Sat, 19 Aug 2000 04:59:02 -0700 (PDT)
> > > From: root () cloudview com (Superuser)
> > >
> > >
> > > Security Violations
> > > =-=-=-=-=-=-=-=-=-=
> > > Aug 19 04:13:08 gatekeeper snort[5740]: IDS277 - NAMED Iquery Probe:
> > > 209.233.27.39:2482 -> 216.103.77.155:53
> > > Aug 19 04:13:08 gatekeeper snort[5740]: MISC-DNS-version-query:
> > > 209.233.27.39:2482 -> 216.103.77.155:53
>
>
> Arrrgggghhh,
>
>
>
>
>
> John Pettitt                                     Email: jpp () cloudview com
>
> "Attention spam" - The length of time it takes you to realize an email
> isn't worth reading.
>
> PGP keys on MIT & pgp.com servers.
> Fingerprint: 81B5 446D 3E0E 1CDE 5A45  644A A744 54C4 7886 3658
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.5.3
> Comment: Get my keys from the pgp.com LDAP server
>
> iQA/AwUBOaFxfKdEVMR4hjZYEQKEYACfUqNJKanGdEnOPVaJvTaMChXCAwEAn1Pl
> AIqjcKASK6+0u+QBSymJoHIB
> =y9tR
> -----END PGP SIGNATURE-----