On 2 Sep 99, at 17:22, Bill Fox wrote:
> Personally, I'd like to see more people get a bit more proactive in
> solving 'weird' log entries such as this. It could help a bit in clearing
> up a small of the 'net congestion. Quite often these types of
> 'transactions' are simply due to a misconfig somewhere, and contacting the
> admins (in a businesslike manner) is usually appreciated more than
> resented. I know that I'd be more than happy to help solve any erroneous
> packets coming from my machines, if someone were to contact me about it.
I wish this attitude were more common.
(1) We used to see 3-12 weird packets a day from Demon (large UK ISP). We
finally concluded that each time we connected to one of their mail servers,
there was some chance that some piece of their network infrastructure was
going to send us a copy of the previous outbound packet (with our IP address
replacing the original destination). We didn't particularly care that this
seemed to indicate that Demon's operators seemed to be playing Quake and the
like over the net a lot, we just wanted it to stop. We were told that Demon
was working with one of their vendors to fix it, and eventually it did stop --
for about six months. It's back.
(2) There's a mail server in Germany that we contact regularly at x.y.z.132.
Every time we connect to it, we get a SYN|ACK response packet from x.y.z.142 --
apparently in addition to the session we establish and carry on with the
server at .132. I've reported this to the owners of the server, without
response.
(3) Months back, a customer of a small Texas ISP apparently attempted an SNMP
scan of our subnet -- several times. When we reported it, the ISP confirmed
that they were trying to set up management for their new subnet and were
having a little difficulty with configuration -- and didn't seem to regard
the issue as very serious.
After two more scans (different subnet, same ISP), I called again; ISP
confirmed that they had moved customer to a new subnet; also claimed that
latest HP JetDirect drivers seemed to have a bug that was related to this....
Of note was that the ISP treated my second call much more seriously and
professionally than the first. It turned out that my first call had been
followed by calls from NASA and at least two military branches who had *also*
been scanned in error, and these managed to get the attention of the ISP's
management....
David G