[SATLUG] ATT Thanks you
Daniel J. Givens
daniel at rugmonster.org
Sun Jan 7 18:11:08 CST 2007

Most ISPs do not take immediate action on these sorts of things. If
they did, they would be completely overwhelmed. Think about how big
AT&T is and how many customers, commercial and residential, they have.
If you had a smaller ISP, then the response time might be better, but
it is AT&T.

Since most of these attacks are from zombies, there isn't much that
can be gained. Law enforcement isn't going to get involved and the
customer whose system is attacking you MIGHT get their account
temporarily suspended. If you were being DDoS'd, then they would
probably work with you more, but then again, if you don't have a
commercial account, you wouldn't get top priority unless it was
affecting other customers.

I get people constantly beating on my SSH, web, and FTP services. I
used to report them to the ISP they came from (abuse at whatever.com),
but rarely did I ever hear anything back so I stopped. If it's not
something that is actually going to break your server, then make sure
your system is up to date and ignore it. Dealing with the numerous
botnets is all part of having a publicly accessible service. If they
bother you too much, start adding iptables rules against them like
others have already said.

Luis Garza wrote:
> Being the ever so slightly paranoid person, I do check my logs on a
> regular basis. I noticed that someone was attempting a buffer overflow
> on my system.
>
> 69.153.198.255 - - [06/Jan/2007:16:43:39 -0500] "SEARCH
> /\x90\xc9\xc9\xc9\xc9\
>
> I did a whois on the IP and found that it was a fellow att customer.
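
An added example, not part of the original messages: one way to pull the sources of requests like the quoted one out of an Apache access log and turn them into the iptables rules suggested above. The log lines, addresses, thresholds and function names are constructed for illustration, and it assumes the server does not legitimately serve WebDAV SEARCH.

```python
import ipaddress
import re
from collections import Counter

# Apache access log prefix: client, identity, user, [time], "METHOD path ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S*)')
# Apache writes non-printable request bytes as literal \xhh escapes in the log.
ESCAPED_BYTE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    r'192.0.2.10 - - [06/Jan/2007:16:43:39 -0500] "SEARCH /\x90\xc9\xc9\xc9\xc9 HTTP/1.1" 414 340',
    r'192.0.2.10 - - [06/Jan/2007:16:43:41 -0500] "SEARCH /\x90\xc9\xc9\xc9\xc9 HTTP/1.1" 414 340',
    r'198.51.100.7 - - [06/Jan/2007:16:44:02 -0500] "GET /index.html HTTP/1.1" 200 1043',
    r'203.0.113.5 - - [06/Jan/2007:16:45:10 -0500] "GET /\x04\x01\x00\x50\xc0\xa8 HTTP/1.0" 400 226',
    r'client.example.net - - [06/Jan/2007:16:46:00 -0500] "SEARCH /\x90\x90\x90\x90 HTTP/1.1" 414 340',
]

def suspicious(method, path, min_escaped=4):
    """True for a WebDAV SEARCH request or a path carrying many raw escaped bytes."""
    return method == "SEARCH" or len(ESCAPED_BYTE_RE.findall(path)) >= min_escaped

def offenders(lines, min_hits=1):
    """Map source IP -> number of suspicious requests, keeping IPs with >= min_hits."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not suspicious(m.group(2), m.group(3)):
            continue
        try:
            # Only literal addresses go into rules; a logged hostname is skipped.
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def drop_rules(ips):
    """Render one iptables DROP rule per offending source address."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(ips)]

if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE, min_hits=2)):
        print(rule)
```

Review the generated rules before applying them; the addresses come straight from the log and a single hit from a shared or dynamic address may not be worth a permanent block.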