[SATLUG] ATT Thanks you

John Champion satlugacct at jchampion.com
Sun Jan 7 12:45:34 CST 2007 

Might I suggest, for the time being, that you disconnect your network from
DSL. Wait a couple of hours, and then reconnect. 

That should do one of two things, stop the attack for the time being, thus
terminating exposure and/or give you a new IP provided you are on ATT's
Dynamic IP allotment.

You can also turn off whatever service on your machine that they are trying
to hack, by default, I have ping turned off and telnet. 

You may also try adding this IP to your hosts.deny file.

Good luck to you. 

-----Original Message-----
From: satlug-bounces at satlug.org [mailto:satlug-bounces at satlug.org] On Behalf
Of Luis Garza
Sent: Sunday, January 07, 2007 9:00 AM
To: satlug at satlug.org
Subject: [SATLUG] ATT Thanks you

I being the ever so slightly paranoid person, I do check my logs on a
regular basis.  I noticed that someone was attempting a buffer over flow on
my system.

69.153.198.255 - - [06/Jan/2007:16:43:39 -0500] "SEARCH
/\x90\xc9\xc9\xc9\xc9\

I did a whois on the IP and found that it was a fellow att customer.

I called their tech support and got a nice Indian lady who kept wishing me a
good day.  After the fourth "I hope that you are have a good day" I asked
for 2nd level support.

2nd level support apologized and said that they can only help with
connection  and password problems.  They then gave me another phone number.
When I called it, the person asked if I was reporting a bomb threat.  When I
explained the problem, they have me the same tech support number.

I then went on line and reported the problem.  I also connect with there on
line chat.  I am cutting and pasting it hear.  It is in reverse order as
that is how it is displayed.  Please scroll to the bottom and read going up.
The names have been changed to protect the innocent and dumb.

disconnect
ATT: Thank you
customer: Thanks ... I guess I'll just watch them try to hack my system and
wait the 48 hours until some one from att calls me back. Thanks
ATT: I wish I could have solved your problem
customer: I called them ... they said that they can correct connection
problems or passwords. They gave me the phone number for report bomb
threats.
customer: I am an att customer. I am being attacked by an att customer.
You are att.
ATT: Our voice support team at 1-877-722-3755 and ask them for a second tier
support
customer: Who else should you suggest that I turn too?
ATT: Hence, I could not do anything
ATT: I do not have expertise on it
customer: Thank you but how are you assisting me on stopping the hack
attempts by a fellow att customer?
ATT: I do not have expertise, hence, report the issue immediately
ATT: Luis, I am assisting to my best of my abilities
customer: Yes but I see them doing it now
customer: So are you telling me that an att customer can keep hacking me for
48 hours before att will contact me
ATT: Luis, please do not worry, they are going to take action immediately,
however, they will reply after 48 hours.
customer: ???
ATT: It is not the time they get into action
ATT: They will reply in 48 hours
customer: 48 hours! That may be too late!
ATT: Yes, they will reply to you and might contact you if required
customer: Will they even contact me?
ATT: They will reply to you after 48 hours.
ATT: I apologize, however, I do not know if they are going to take instant
action or not, however, they do
customer: Yes .. we they be able to stop them now?
ATT: Are you able to access the weblink?
ATT: Please report it to them
ATT: Yes, they take immediate action
customer: I understand that this is a violation of your policy but will they
be able to help me now?
ATT: http://help.sbcglobal.net/servabuse.php
ATT: The web link to contact them is
ATT: Please report it to them
ATT: The policy department
customer: Who does?
ATT: I apologize, I wish I could have assisted you immediately, however, I
do not have the expertise
customer: Yes but I am being hacked now!
ATT: They will take care of the rest
ATT: and report this issue.
ATT: http://help.sbcglobal.net/servabuse.php
ATT: Please contact our policy department via the weblink
customer: They have me a phone number for bomb threats not service abuse.
ATT: Okay
customer: Yes but they could not help me because it was not a connection
problem.
ATT: And you have had a conversation with our second tier support
ATT: I see you have contacted our voice support team
customer: This is a buffer overflow. They are trying to take control of my
system!
customer: It is not that kind of attack
customer: 69.153.198.255 - - [06/Jan/2007:16:43:39 -0500] "SEARCH
/\x90\xc9\xc9\xc9\xc9\xc
9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc
9\xc
9\xc9\xc9\xc9\xc9\xc9\xc9\
ATT: Is your e-mail account hacked?
customer: I have check my logs
customer: IP ends with 255; this could be one of your servers
ATT: How do you know that you have been hacked?
customer:  I am being hacked by a fellow att customer.  HELP!!!





Luis Garza
www.luisgarza.com
luis at luisgarza.com
lrgarza2000 at yahoo.com
--
_______________________________________________
SATLUG mailing list
SATLUG at satlug.org
http://alamo.satlug.org/mailman/listinfo/satlug to unsubscribe Powered by
Rackspace (www.rackspace.com)

More information about the SATLUG mailing list