O/T: Nuking would-be intruders

From: Stephen Loosley <stephen§melbpc.org.au>
Date: Thu, 27 Jun 2002 00:52:09 +1000

Hi there ..

Advice, if possible ..

In the last hour the following IP addresses have attempted
to access this machine, via a wide variety of port numbers.

Doing a whois on them simply tells me they are re-assigned,
and, complaining results in various versions of auto response
emails, such as the one also copied below.

Question, what else can one do about such would-be intruders?

ZoneAlarm assures me that they wouldn't have seen me, but I'm
not satisfied with that. Any ideas on more direct ways of returning
the compliment, other than just complaining to their relevant whois
email contact address? Telnetting them gets nowhere. For example,
an IP-seeking thermonuclear device would be wonderfully satisfying.

This message is in response to the abuse report you sent to abuse§venturesonline.com

Thank you very much for reporting this incident to Ventures Online. This is an automatic response to let you know that we have received your report regarding a Violation of our Terms and Conditions or Network Abuse issue involving an account on Ventures Online's Network, and are taking the necessary steps to resolve the situation.

Once our investigation is complete, appropriate action, in accordance with our Terms and Conditions, will be taken against the offending account immediately. Since the current volume of mail prohibits a personal reply to all reports, unless additional information is required, this may be the only response you will receive.

If you are reporting an abuse issue (i.e., spam, harassment, etc.), please include the following to assist us in a prompt and full evaluation of your report:

1) Original subject line. Please forward the email with a subject identical to the original subject.
2) Complete headers. Email programs often display abbreviated headers. Please consult your email program's help system for more information on viewing full headers.
3) Complete message body. Please include the complete, unedited content of the email message in question. Please do not change or edit the message in any way.

If reports of email abuse are missing any one of these three items, it may take longer for the Ventures Online Mail Abuse Team to properly investigate and take appropriate action.

Please forward these reports of abuse to abuse§venturesonline.com.

If you are reporting an incident with pet.vosn.net, please note this has been
forged. pet.vosn.net has been taken off our network as of 4/15/2002; despite
this, some abuser is using this domain to forge mail. The source of the email
is not coming out of our network.

Here is an example: 

Received: from ([]) by pet.vosn.net with local; Jun, 19 2002 2:59:19 AM +1200

If you perform an rwhois lookup on the source IP that is in brackets, you
will see that it is not assigned to us. Email forgery is a large problem,
and due to the number of complaints we will not reply to each request.

The best thing to do is perform an rwhois lookup (http://ws.arin.net/cgi-bin/whois.pl)
and if there is a valid contact address please contact them.

However, this particular spammer often uses non-assigned blocks. 
If you are having problems locating a source, please contact your mail 
administrator and have him/her discover which server your mail 
originated from. 

Ventures Online Support Team 


Thanks people
Stephen Loosley
Vermont Secondary
Received on Fri Oct 03 2003 - 00:00:00 UTC
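
Added example (not part of the original message or of the Ventures Online reply): a Python sketch of the header check the auto-response describes, pulling the bracketed source address out of each Received line and sorting it into "missing", "malformed", "non-routable" or "lookup" before any whois/rwhois query is made. The function names, labels and sample message are assumptions made for illustration; whether a routable address is actually assigned to anyone still has to be settled by the registry lookup.

```python
import email
import ipaddress
import re

# Constructed sample, not taken from the post. 8.8.8.8 only stands in for
# "some publicly routable address"; the middle line is the page's own example.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [8.8.8.8])
\tby mail.example.net with ESMTP; Wed, 19 Jun 2002 03:01:02 +1000
Received: from ([]) by pet.vosn.net with local; Jun, 19 2002 2:59:19 AM +1200
Received: from relay (unknown [10.1.2.3]) by forged.example with SMTP;
\tWed, 19 Jun 2002 02:58:00 +1200
From: someone@example.com
Subject: constructed sample

body
"""

BRACKETED = re.compile(r"\[([^\]]*)\]")

def classify(token):
    """Triage label for the text found between [ ] in a Received header."""
    token = token.strip()
    if token.lower().startswith("ipv6:"):   # RFC 5321 IPv6 literal tag
        token = token[5:]
    if not token:
        return "missing"        # empty brackets, as in the page's example
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return "malformed"
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
        return "non-routable"   # no registry contact exists for these
    return "lookup"             # assignment can only be settled by whois

def triage_received(raw_message):
    """Return (hop, bracket_text, label) per bracketed address, newest hop first.
    Hops below your own mail server's header are sender-supplied and unverified."""
    msg = email.message_from_string(raw_message)
    results = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        unfolded = " ".join(value.split())  # undo header line folding
        for token in BRACKETED.findall(unfolded):
            results.append((hop, token, classify(token)))
    return results

if __name__ == "__main__":
    for row in triage_received(SAMPLE):
        print(row)
```

Only addresses labelled "lookup" are worth sending to a whois contact; the rest cannot be traced to a registrant from the header alone.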

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:05 UTC