I feel that I must raise an old issue that has been kicked around this forum a few times. It centers on ethical vs. unethical hacking.
For over 2 weeks my small home web site has been hit by a constant URL scan from a particular host. The scan runs for 10 minutes for every hour of the day. The scans were harmless, other than:
1. Taking away bandwidth that I pay for.
2. Wasting CPU and memory to process and deny the probe.
3. Filling my logs to the point of bust!
Yes, yes, yes I know that I could have filtered out this one IP with an ACL and been done with it, but I figured I would try to use the “Internet superhighway rules of the road.” I went through the motions of monitoring, accumulating and reporting. I parsed my log files (router, IIS, and server security logs), conducted ARIN searches and tracked down the owner of the offending machine. I sent emails which went without response (3 times on 3 different days). Friday I called the number listed from the ARIN WHOIS result and actually was able to speak with the gentleman named under abuse reporting (to my surprise being the 2nd of Jan and all). He did confirm that this IP belonged to his organization and informed me that it was their web server! He said he never received any of my emails. So I confirmed his email address again and resent him the list while on the phone with him. I asked him if it was possible that this machine had a virus or was being used as a zombie to conduct these probes. At this point he became very upset and asked me who I was to question their security methods. I added that I was only asking if it could have been the before mentioned ideas because I didn’t think these attacks were a deliberate part of their business practice. Well that really set him off and he was off the phone 30 seconds later saying he would look into it.
After the phone call I LOOKED up the web site and while I was there I resent my email to their customer complaint email address listed with a short synopsis of my conversation with their IT department. I have had no reply to any of my emails. I feel that I have taken the high road and done things the right way… “as envisioned by the internet forefathers.”
Long story short… the probes continued all weekend and are still happening today. Now I know this may take most of TT members by surprise but there are unethical forums that would take a “You can’t crack my web site” post as a challenge, and take it to heart! Short of that, does anyone else have a course of action they would take?
SF18C
CCNP, MCSE, A+, N+ & HPCC
"Tis better to die on your feet than live on your knees!"