[OLUG] Caution to @home users

Jeff Hinrichs jlh at home.com
Sun Apr 9 05:24:00 UTC 2000 

Actually @Home has been scanning for a couple of months.  I get one or two
scans for NNTP server a day.  They also tried scanning for BO a few weeks
ago.  I got a call from one of their sys-admins when they received my email.
(I wrote abuse at home.com, told them I have logged them trying to break in to
my computer and if they did it again I would file a complaint with the local
law enforcement)  They basically said that the scan was benevolent, trying
to protect the stupid from being zombied.  I told them that scanning for BO
was beyond the pale, explicitly against the AUP and if they did it again I
would file a formal complaint with local law enforcement (believe it or not,
OPD has an active computer crimes division -- they mainly handle kiddie
pr0n)

By the way, if you run winboxen on an always on internet connection you
should check out the BlackIce intrusion detection system
(http://www.networkice.com/).


Jeff Hinrichs
jlh at home.com

----- Original Message -----
From: "John P McDaniel" <jpmcdaniel at home.com>
To: <olug at bstc.net>
Sent: Saturday, April 08, 2000 11:31 PM
Subject: Re: [OLUG] Caution to @home users


>
> i get quite a few scans from 24.0.94.130 (resolves to
> authorized-scan.security.home.net) on port 119.  i doubt that they will
> ever do anything with this data.  especially since i started rejecting
> traffic from them. :)
>
> i asked the technician who installed my cablemodem a lot of questions
> regarding how cox feels about servers and connection sharing,
> etc.  basically, don't eat up a lot of bandwidth and they couldn't care
> less.
>
> - john
>
> --
>    cancer - cells with an ego problem
>    humans - a species with an ego problem
>
> On Sat, 8 Apr 2000, David A Davidson wrote:
>
> > I thought many of the @home subscribers might find this interesting. I
> > am running
> > zonealarm personal firewall on a windows 95 box (yuk I know). Lately
> > I've
> > been getting alerts regarding access to my computer from DNS host
> > hda1.rdc1.ne.home.com. Well it turns out their looking for open SMTP
> > ports or people running servers. Technically Linux is a server even if
> > your not offering
> > services over the internet. I though that everyone should be concerned
> > about this
> > intrusion. It may also be yet another attempt to prevent Linux being
> > used by users. Below you'll find my email message to Cox at home and their
> > reply. The
> > best service is one of openness on the part of businesses to their
> > customers. Hope
> > you find this information useful. I also found it interesting that @home
> > now suggests
> > they scan their systems routinely when this activity has only started
> > this week.
> >
> > My email message to Cox at home.
> >
> > To whom it may concern. I am running a personal firewall. About every
> > ten minutes I am getting an SMTP request from address 24.2.4.66. DNS
> > lookup shows the internet addres of hda1.rdc1.ne.home.com. I believe
> > this server to be coming from your facilities. Could you please tell why
> > this is so and please stop attempting to circumvent my system. This is a
> > violation of my computer. Thank you. All names
> > and places removed to protect the confused.
> >
> > Cox at home reply
> >
> > To answer your question: @Home routinely scans its network to ensure
> > that it
> > is not being used improperly. They scan for open ports that spammers
> > could
> > latch onto to send email from an unsuspecting user's account. They also
> > scan
> > for servers, as running any type of server is against the @Home
> > acceptable
> > use policy. If you are being queried on a regular basis it may be that
> > @Home
> > was alerted to possible server activity on your subnet. In this case
> > everybody on the subnet would be scanned until it was determined who (if
> >
> > anybody) is actually running a server.  @Home is not trying to access
> > your
> > computer, just trying to maintain quality of service for our
> > subscribers.
> > They are within their right to do so according to the Acceptable Use
> > Policy.
> > I apologize if the scans caused you any stress. However, @Home will
> > continue
> > to query users on its network on an ongoing basis, again, to ensure that
> >
> > subscribers are not violating the AUP and inconveniencing other
> > subscribers
> > in the process.
> >
> > thank you,
> >
> >
> >
> >
> >
>
> -------------------------------------------------------------------------
> > Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/
> > To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`
> >
>
>
> -------------------------------------------------------------------------
> Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/
> To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`
>


-------------------------------------------------------------------------
Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/ 
To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`

More information about the OLUG mailing list