Death of the Internet, Film at 11

Ronald F. Guilmette rfg at tristatelogic.com
Sun Oct 23 23:19:18 UTC 2016


In message <26b01962-9b09-11cb-0ac8-89cf3e0a5f96 at nuclearfallout.net>, 
John Weekes <jw at nuclearfallout.net> wrote:

>... I've recorded 
>about 2.4 million IP addresses involved in the last two months (a number 
>that is higher than the number of actual devices, since most seem to 
>have dynamic IP addresses). The ISPs behind those IP addresses have 
>received notifications via email...


Just curious... How well is that working out?

I've tried this myself a few times in the past, when I've found things
that appear to be seriously compromised, and for my extensive trouble
I've mostly received back utter silence and no action.  I remember that
after properly notifying security@ some large end-luser cable network
in the SouthEast (which shall remain nameless) I got back something
along the lines of "Thank you.  We'll look into it." and was disgusted
to find, two months later, that the boxes in question were still utterly
pwned and in the exact same state they were two months prior, when I
had first reported them.

I guess that's just an example of what somebody else already noted here,
i.e. that providers don't care to spend the time and/or effort and/or
money necessary to actually -do- anything about compromised boxes, and
anyway, they don't want to lose a paying customer.

So, you know, let's just say for the sake of argument that right now,
today, I know about a botnet consiting of a quarter million popped
boxes, and that I have in-hand all of the relevant IPs, and that I
have no trouble finding contact email addresses for all of the relevant
ASNs.  So then what?

The question is:  Why should I waste my time informing all, or even any
of these ASNs about the popped boxes on their networks when (a) I am
not their customer... as many of them have been only too happy to
gleefully inform me in the past... and when (b) the vast majority
simply won't do anything with the information?

And while we are on the subject, I just have to bring up one of my
biggest pet peeves.  Why is it that every time some public-spirited
altrusitc well-meaning citizen such as myself reports any kind of a
problem to any kind of a company on the Internet, the report itself
gets immediately labeled and categorized as a "complaint".  If I spend
some of -my- valuable time to helpfully try to let somebody else know
of a problem on their network, or with their web site, and if that
report gets categorized as a "complaint" then what does that make me?
A "complainer"??

I don't need this kind of abuse and denegration from people who I'm
trying to help.  Like most other people, if I am in need of some
personal denegration and abuse... well... I have relatives for that.


Regards,
rfg



More information about the NANOG mailing list