Complaining to an ISP about abuse?

Reviewing my logs tonight, and I find some pillock has been trying to attack my local ssh server, simply by trying different usernames! Anyway, needless to say I think something needs to be done to stop people from doing stupid things like this. So I would like to complain to the attacker's ISP so that hopefully the user will get a warning to cease being stupid.

Problem though, is that the user appears to be Italian, and the WHOIS on the ISP URL doesn't return an abuse email contact. So has anyone got any ideas?

This is the final hop:
15: host221-255-static.115-81-b.business.telecomitalia.it (81.115.255.***) asymm 14 130.297ms reached
(IP starred because as much as I'm annoyed by this guy, I'd rather complain properly)

Not sure I'll really be able to contact the ISP, but if anyone has any ideas on how to go about it, that'd be great.
 
You will be hit by these idiots all the time. Just script kiddies harassing your router. As long as your router is tough enough to keep 'em out, just ignore them. (Maybe turn off ssh for a few days so he gives up)

Otherwise you could spend half your life chasing up every hacker....

Oh - and if you are going to try and protect the IP address, then you really should have trimmed the host name as well. You have just starred out 221. :)

(From a quick bit of nosing into that host name, it looks like it is coming from a business account of an Italian Telecom ISP. So it is probably just a bot on an infected PC.)
 
Whoising the IP, I got
Code:
remarks:      ************************************************
remarks:      *                Pay attention                 *
remarks:      *   Any communication sent to email different  *
remarks:      *   from the following will be ignored!        *
remarks:      *   Any abuse reports, please send them to     *
remarks:      *       [email protected]        *
remarks:      ************************************************
 
tolien said:
Whoising the IP, I got
Code:
remarks:      ************************************************
remarks:      *                Pay attention                 *
remarks:      *   Any communication sent to email different  *
remarks:      *   from the following will be ignored!        *
remarks:      *   Any abuse reports, please send them to     *
remarks:      *       [email protected]        *
remarks:      ************************************************

Which whois do you use? Certainly didn't get that on the first one in google.
 
You are also assuming that it's actually that specific user and it's not being remoted. Either way (s)he needs pulling off the network till it's sorted.
 
Reminds me of a bit of fun I had with a Nigerian hacker a couple of years ago. I was migrating a Data Centre from Newbury to Docklands for an ASP company. I was handling all the Cisco kit and my friend Neil was doing the windows/server installs. Anyway when I got the border routers up and running I plugged my laptop into the outside vlan for testing purposes and immediately Black Ice started screaming that our ip address range was being scanned. Gave me the originating IP address too. :-D

I then fired up retina and scanned that IP address back and found it was an old Windows NT box with shed loads of ports open. Found port 80 and tried some of the old IIS hacks - only to find it had NO PATCHES installed!

Laugh - I nearly *language!*.

Spent the next 10 mins methodically sending "del" commands to IIS, which it promptly ran for me....

del c:\
del d:\
del c:\windows
del c:\windows\system32
etc.
etc.
etc.

Teach the scumbags to hack my networks!

:D
 
jamiemoles said:
Reminds me of a bit of fun I had with a Nigerian hacker a couple of years ago. I was migrating a Data Centre from Newbury to Docklands for an ASP company. I was handling all the Cisco kit and my friend Neil was doing the windows/server installs. Anyway when I got the border routers up and running I plugged my laptop into the outside vlan for testing purposes and immediately Black Ice started screaming that our ip address range was being scanned. Gave me the originating IP address too. :-D

I then fired up retina and scanned that IP address back and found it was an old Windows NT box with shed loads of ports open. Found port 80 and tried some of the old IIS hacks - only to find it had NO PATCHES installed!

Laugh - I nearly *language!*.

Spent the next 10 mins methodically sending "del" commands to IIS, which it promptly ran for me....

del c:\
del d:\
del c:\windows
del c:\windows\system32
etc.
etc.
etc.

Teach the scumbags to hack my networks!

:D

because that's a responsible thing to do...

not to mention as illegal as what they were doing.

on a general note, I'd chill out if it's just a few brute force attempts, we see them all the time and can't be bothered responding. if you're worried restrict ssh to specified IPs as a security measure (or change the port - though i personally hate this 'security' measure).

truth is if you leave enough servers online long enough one will be compromised, noticing and reacting promptly is what makes the difference then.

if you're seeing serious abuse then drop the ISP an email at the abuse contact, I recently spoke to an Italian ISP (can't remember who) and they were very helpful, had the user offline within hours. I don't know if they'll extend the same courtesy to end users though (I was speaking on behalf of an ISP). At least you're not dealing with a Chinese ISP, they tend to be pretty skilled attacks and have serious quantities of traffic involved and the ISPs just ignore abuse email and phone calls. I got fed up in the end and blocked a few /19s at the edge routers...
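
An added example, not part of any post in this thread: one way to turn the kind of log review described above into something an abuse desk can act on, by grouping failed SSH logins per source address and emitting a short report with the time window and raw log lines. The sample log is constructed (RFC 5737 documentation addresses), and the names `summarise` and `abuse_report` are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in OpenSSH syslog format; addresses are RFC 5737
# documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
Mar 12 21:14:05 box sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 40112 ssh2
Mar 12 21:14:11 box sshd[4125]: Failed password for invalid user test from 203.0.113.45 port 40140 ssh2
Mar 12 21:14:16 box sshd[4129]: Failed password for invalid user oracle from 203.0.113.45 port 40177 ssh2
Mar 12 21:14:20 box sshd[4133]: Failed password for root from 203.0.113.45 port 40201 ssh2
Mar 12 21:20:41 box sshd[4190]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Mar 12 21:20:59 box sshd[4192]: Accepted password for alice from 198.51.100.7 port 51530 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def summarise(log_text, min_users=3):
    """Group failed logins by source; keep sources guessing >= min_users names."""
    sources = OrderedDict()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are not evidence
        s = sources.setdefault(m["ip"], {"users": [], "lines": []})
        if m["user"] not in s["users"]:
            s["users"].append(m["user"])
        s["lines"].append(line)
    return {ip: s for ip, s in sources.items() if len(s["users"]) >= min_users}

def abuse_report(ip, s, tz="UTC"):
    """Plain-text body for the abuse contact: who, when, and raw evidence."""
    # Syslog lines carry no zone, so the reporter states it (UTC is assumed here).
    first, last = (FAILED.match(l)["ts"] for l in (s["lines"][0], s["lines"][-1]))
    return "\n".join([
        f"Source address: {ip}",
        f"Activity: {len(s['lines'])} failed SSH logins, "
        f"{len(s['users'])} usernames tried ({', '.join(s['users'])})",
        f"Time window ({tz}): {first} to {last}",
        "Log excerpt:", *s["lines"]])

if __name__ == "__main__":
    for ip, s in summarise(SAMPLE_LOG).items():
        print(abuse_report(ip, s), end="\n\n")
```

The `min_users` threshold keeps a single user's mistyped password (the `alice` line in the sample) out of the report, so only sources cycling through several usernames are reported.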
 
bigredshark said:
because that's a responsible thing to do...
not to mention as illegal as what they were doing

Who gives a monkeys as to whether deleting a hacker's hard drive is responsible or not?

That's like saying hitting a burglar who breaks into your house is irresponsible - it may well be, but TOUGH.

As for the legality side, technically as the offence took place in Nigeria the plod in this country wouldn't care.

:p
 
jamiemoles said:
Who gives a monkeys as to whether deleting a hacker's hard drive is responsible or not?

That's like saying hitting a burglar who breaks into your house is irresponsible - it may well be, but TOUGH.

As for the legality side, technically as the offence took place in Nigeria the plod in this country wouldn't care.

:p

Actually. No. You could be extradited.
 
jdickerson said:
Actually. No. You could be extradited.

Not only that, but what if the poor bugger whose machine you've messed up may have already been hacked and unaware his machine is being used to make these attacks?
 
Wyvern971 said:
Not only that, but what if the poor bugger whose machine you've messed up may have already been hacked and unaware his machine is being used to make these attacks?

Well after I'd finished with it, he didn't need to worry about that anymore...

:rolleyes:
 