[SATLUG] ATT Thanks you

Sun Jan 7 08:59:34 CST 2007

I being the ever so slightly paranoid person, I do check my logs on a
regular basis.  I noticed that someone was attempting a buffer over flow
on my system.

69.153.198.255 - - [06/Jan/2007:16:43:39 -0500] "SEARCH
/\x90\xc9\xc9\xc9\xc9\

I did a whois on the IP and found that it was a fellow att customer.

I called their tech support and got a nice Indian lady who kept wishing me
a good day.  After the fourth "I hope that you are have a good day" I
asked for 2nd level support.

2nd level support apologized and said that they can only help with
connection  and password problems.  They then gave me another phone
number.  When I called it, the person asked if I was reporting a bomb
threat.  When I explained the problem, they have me the same tech support
number.

I then went on line and reported the problem.  I also connect with there
on line chat.  I am cutting and pasting it hear.  It is in reverse order
as that is how it is displayed.  Please scroll to the bottom and read
going up.  The names have been changed to protect the innocent and dumb.

disconnect
ATT: Thank you
customer: Thanks ... I guess I'll just watch them try to hack my system
and wait the 48 hours until some one from att calls me back. Thanks
ATT: I wish I could have solved your problem
customer: I called them ... they said that they can correct connection
problems or passwords. They gave me the phone number for report bomb
threats.
customer: I am an att customer. I am being attacked by an att customer.
You are att.
ATT: Our voice support team at 1-877-722-3755 and ask them for a second
tier support
customer: Who else should you suggest that I turn too?
ATT: Hence, I could not do anything
ATT: I do not have expertise on it
customer: Thank you but how are you assisting me on stopping the hack
attempts by a fellow att customer?
ATT: I do not have expertise, hence, report the issue immediately
ATT: Luis, I am assisting to my best of my abilities
customer: Yes but I see them doing it now
customer: So are you telling me that an att customer can keep hacking me
for 48 hours before att will contact me
ATT: Luis, please do not worry, they are going to take action immediately,
however, they will reply after 48 hours.
customer: ???
ATT: It is not the time they get into action
ATT: They will reply in 48 hours
customer: 48 hours! That may be too late!
ATT: Yes, they will reply to you and might contact you if required
customer: Will they even contact me?
ATT: They will reply to you after 48 hours.
ATT: I apologize, however, I do not know if they are going to take instant
action or not, however, they do
customer: Yes .. we they be able to stop them now?
ATT: Are you able to access the weblink?
ATT: Please report it to them
ATT: Yes, they take immediate action
customer: I understand that this is a violation of your policy but will
they be able to help me now?
ATT: http://help.sbcglobal.net/servabuse.php
ATT: The web link to contact them is
ATT: Please report it to them
ATT: The policy department
customer: Who does?
ATT: I apologize, I wish I could have assisted you immediately, however, I
do not have the expertise
customer: Yes but I am being hacked now!
ATT: They will take care of the rest
ATT: and report this issue.
ATT: http://help.sbcglobal.net/servabuse.php
ATT: Please contact our policy department via the weblink
customer: They have me a phone number for bomb threats not service abuse.
ATT: Okay
customer: Yes but they could not help me because it was not a connection
problem.
ATT: And you have had a conversation with our second tier support
ATT: I see you have contacted our voice support team
customer: This is a buffer overflow. They are trying to take control of my
system!
customer: It is not that kind of attack
customer: 69.153.198.255 - - [06/Jan/2007:16:43:39 -0500] "SEARCH
/\x90\xc9\xc9\xc9\xc9\xc
9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc
9\xc9\xc9\xc9\xc9\xc9\xc9\
ATT: Is your e-mail account hacked?
customer: I have check my logs
customer: IP ends with 255; this could be one of your servers
ATT: How do you know that you have been hacked?
customer:  I am being hacked by a fellow att customer.  HELP!!!

Luis Garza
www.luisgarza.com
luis at luisgarza.com
lrgarza2000 at yahoo.com