+ Post New Thread
Results 1 to 10 of 10
Internet Related/Filtering/Firewall Thread, ISP response to abuse reports in Technical; I'm currently fuming with Tiscali/TalkTalk. I have an IP attempting to intrude into my network (56-640k traffic to port 443 ...
  1. #1

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,776
    Thank Post
    764
    Thanked 541 Times in 424 Posts
    Rep Power
    259

    ISP response to abuse reports

    I'm currently fuming with Tiscali/TalkTalk. I have an IP attempting to intrude into my network (56-640k traffic to port 443 of my mail server every 2 seconds since tuesday) I have set firewall to drop packets already but Tiscali have just told me that "it is against there policy to intrude onto what there customers are doing online" and when I told him that this wasn't a good enough answer and that I wanted to speak to his supervisor he hung up.

    I've emailed the abuse address, is there anything more I can do?

    I'm sure his repsonse was a 'we can't bothered to do anything' not 'we can't do anything' as I've previously been phoned by three different ISPs to tell me that something on my network is awry. First on my home network (BT) for my sisters dev server which she accidentally left as an open relay, once on a network I was looking (demon) after to tell me one of my clients was compromised and sending out a similar level of requests, and once recently (SWGFL) to tell me that traffic was arriving at there network from a route which wasn't their router and they didn't like it much. So I know it's possible. what is their problem?

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,875
    Thank Post
    574
    Thanked 998 Times in 770 Posts
    Blog Entries
    15
    Rep Power
    461
    They are obliged to do something of course - naturally they won't give out any details for obvious reasons but they do have to look into it. Anything further than that (i.e. getting back to you saying they've taken action) is optional. It would of course be nice to know even if they get back to you and say it's a customer's machine that's been compromised or something and they've taken steps to help that customer.

    Unfortunately other than being unprofessional, ignorance is rather common with many ISPs, and we all know what Talktalk are like. Big companies (Hetzner is a good recent example) have had half their entire traffic cut in the past because they couldn't be arsed to act on things like this.

  3. Thanks to synaesthesia from:

    Oaktech (23rd August 2013)

  4. #3


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,630
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    I'm assuming the guy you spoke to was a first-line scriptreader? abuse@ is the appropriate contact for reporting technical things. Their helldesk will be largely geared towards "reboot your router" type problems and will mostly segfault on anything outside the script.

    You could always try Richard Lawrence if you don't get anywhere: Richard Lawrence - United Kingdom | LinkedIn

  5. Thanks to pete from:

    Oaktech (23rd August 2013)

  6. #4


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I think having a policy of not blocking things without a court order is a good thing.
    Imagine the hassle they'd have with maintaining all the firewall rules if every customer was asking for things to be blocked at the ISP level.

  7. Thanks to CyberNerd from:

    Oaktech (23rd August 2013)

  8. #5

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,776
    Thank Post
    764
    Thanked 541 Times in 424 Posts
    Rep Power
    259
    I'm not asking them to block something, i'm asking them to check the quantity of traffic from one user and contact them to perhaps suggest they may have a virus of some sort.

  9. #6

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,776
    Thank Post
    764
    Thanked 541 Times in 424 Posts
    Rep Power
    259
    Quote Originally Posted by pete View Post
    I'm assuming the guy you spoke to was a first-line scriptreader? abuse@ is the appropriate contact for reporting technical things. Their helldesk will be largely geared towards "reboot your router" type problems and will mostly segfault on anything outside the script.

    You could always try Richard Lawrence if you don't get anywhere: Richard Lawrence - United Kingdom | LinkedIn
    I'm not sure. The first person I spoke to was called Aled and took down my name and organisation, the attacking IP, my IP my contact etc. I then got put on hold while went to get advice as to who to put me through to, I was on hold for about 5 minutes and when I got picked up again it was an indian guy who wouldn't really listen.

  10. #7


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by Oaktech View Post
    I'm not asking them to block something, i'm asking them to check the quantity of traffic from one user and contact them to perhaps suggest they may have a virus of some sort.
    oh I see. Can you get any info from the IP to contact them yourself?

  11. Thanks to CyberNerd from:

    Oaktech (23rd August 2013)

  12. #8

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,776
    Thank Post
    764
    Thanked 541 Times in 424 Posts
    Rep Power
    259
    Quote Originally Posted by CyberNerd View Post
    oh I see. Can you get any info from the IP to contact them yourself?
    the IP resolves to a dynamic pool from tiscali and suggests either central london or windsor. the last hop on a traceroute before it times out is 85.210.255.137 which suggests it is in hounslow. more than that I can't gather, unless there is a tool i'm missing...

  13. #9

    Join Date
    Jan 2009
    Location
    Burton On Trent
    Posts
    127
    Thank Post
    23
    Thanked 28 Times in 20 Posts
    Rep Power
    16
    Quote Originally Posted by CyberNerd View Post
    oh I see. Can you get any info from the IP to contact them yourself?
    All you can get from an IP is the owner of the block; which will be the ISP.
    Without a court order, you wont be able to match the specific IP to a customer.
    Due to the huge level of 'background static' of compromised machines launching attacks against services and scanning ports no ISP is going to chase up and block intrusion attempts unless it is affecting any Service Level agreements they have with the affected customer.
    Really the only options open is to report it via abuse@ to the ISP of the originating traffic and your own ISP. Configure your edge firewall to drop packets from those addresses and monitor your service levels. If it has too much effect on your available bandwidth then you can complain to your ISP

  14. Thanks to peterp from:

    Oaktech (23rd August 2013)

  15. #10


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I figured you might be able to nmap it and see if its running any services which could give some more info about the owner.

  16. Thanks to CyberNerd from:

    Oaktech (23rd August 2013)

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 176
    Last Post: 5th February 2011, 12:07 AM
  2. HP response to a technical question
    By stariq in forum General Chat
    Replies: 8
    Last Post: 18th January 2010, 03:32 PM
  3. Script AJAX form responses to RM easymail plus
    By MicrodigitUK in forum Scripts
    Replies: 0
    Last Post: 23rd November 2009, 11:19 AM
  4. No response to Ctrl alt del
    By Face-Man in forum Windows
    Replies: 12
    Last Post: 27th November 2008, 11:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •