Note: This column represents the opinions
of the writer and as such, is not represented as fact|
Like most Internet users, my firewall gets a hammering from script-kiddies,
dweebs, dorks and evil sods.
the contents of Aardvark's "million-dollar ideas" notebook
are revealed for all to see!
Many of these probes come from overseas, often bounced off poorly configured
servers in distant lands such as Korea, Japan, Taiwan or some Eastern
However, about six or seven times a week, I get some local idiot using
an Xtra dial-up account who is searching for a vulnerable user who unknowingly
has the SubSeven trojan or some other back door program sitting quietly
on their PC.
Now I'm not at all concerned -- my defenses are up and I keep a very close
eye on my firewall and security logs.
Need Cutting-Edge Copy?|
As NZ's longest-running online commentator, I'm looking for
extra syndication opportunities for this daily publication -- or I'm happy
to write casual or regular material specifically to order for print or
Net-based publications. If you're
interested, drop me a line
However, as we all know, there are many thousands of local Net users who would
probably suggest you dial 111 if you mentioned the word "firewall" and who
are running "out of the box" copies of Windows 95, complete with Netbios
bound to their dial-up adapters.
Until recently, I felt that it was a "good neighbor" thing to report the activities
of the Xtra-based script-kiddies and their evil probing activities to Xtra's security team.
When someone probed my cyber-regions from an xxx-xxx-xxx-xxx.dialup.xtra.co.nz
IP I would simply fire off an email to email@example.com. I'd include the
time/date, the type of probe and the IP number of the offender.
I would inevitably (sometimes a few weeks later) receive a courteous reply
informing me that the user had been "warned." Funny thing is I never once
got an email telling me "we've kicked the evil little sod off our network
and banned him from ever getting another Xtra account" -- such is the
need for Telecom to spin a profit I guess :-(
During the Code Red infection period, I also reported a number of obviously
infected machines in order that the owners could be notified and fix their
systems. It's all part of being a good netizen.
However, I'm not going to be submitting any more reports to Xtra, and neither
are a lot of readers who have written to me bitching about the change of
policy over there at Xtra's security department.
It seems that emailed security or spam abuse reports are no longer good enough
for the Telco giant.
Attempts to send reports to firstname.lastname@example.org or email@example.com now produce
an automated response that says, in part:
Xtra has automated the procedures for reporting allegations of abuse and
security breaches involving our network or customers. From 14 August 2001,
we no longer accept complaints via email. Please complete the appropriate
web forms at http://xtra.co.nz/help/0,,4128-647432,00.html.
Hey guys, I'm trying to do your vulnerable users a favour and report a dork
on your network. Don't go out of your way to make my life difficult by forcing
me to fill out some lame form!
I'm sure the justification will be that the team were receiving too many emails
that contained incomplete data and this was making the resolution of such
incidents too time consuming or even impossible.
There may be some validity to such a claim -- but what about those of us
who do know what we're doing and exactly what information is required? Why
force us through the same hoops as the neophytes?
It takes me just a few seconds to fire off all the details required in an email
but it takes much longer to fill out some dumb form.
And just who designed
the form for reporting network abuse?
I suspect that many of those who might wish to complain about some dork using
an Xtra dial-up or DSL account will be using some other ISP for their Net access.
So why are the fields "Your Xtra Username/Login ID" and "Password" flagged as
Mandatory? Hell, half the time they won't even apply!
Or is this Xtra's way of saying "we're only interested in receiving complaints
from our own customers"?
Here are some suggestions for Xtra:
Note that in point three (above) I was going to say "enforce your terms of
service" -- but I see that Xtra's
and policies don't seem to actually forbid users from trying to hack into
others computers. Or if it does, I can't find it.
- Accept emailed reports -- direct people to the form ONLY if they've
failed to supply some critical information.
- Fix that dumb form so that the type of novice who needs to use it isn't
going to be confused by not having an Xtra ID and password to put in the
- If your customers spam or attempt to hack into other people's computers
then cancel their accounts -- don't just pat them on the head and say "you
Mind you -- there are pages and pages of stuff there about payment, billing
money, etc, etc. It seems that hacking or spamming pale into insignificance
against the evil crime of being late with that cheque :-)
Save The Aardvark Fund
Yes, I have had several donations to the Aardvark fund and I thank those
who put their money where their mouse is :-)
If guilt is gnawing away inside you then there's still time to donate.
Just drop by and
hand over your loot.
Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or
Just add a
to your pages and you can get
a free summary of Aardvark's daily commentary -- automatically updated
each and every week-day.
Aardvark also makes a summary of this daily column available via XML using
the RSS format. More details can be found
Contact me if you decide to use either of these feeds and
have any problems.
Did you tell someone else about Aardvark today? If not then do it
There are new Vacancies Last added 2 Oct In The Job Centre
There are 14 Domain Names for sale