|
|
|
ISP's...The good, the bad and the worthless-
I am becoming more of the opinion that ISP's should play a much larger role in YOUR security. They have it within their power to protect you from malicious code, intentional attacks and other forms of abuse. The problem is though that many ISP's simply choose to let you, their paying customer, take the wrath of whatever new threat presents itself. Many customers feel that they are paying for a service and they should have the internet and all that it offers, both good and bad, as unrestricted as possible. I agree with this in principle, but with the current state of online security and the amount of threats posed against you, that its currently not possible.
There are times when I have contacted ISP's in regards to pings, port probes, Denial of Service attacks, etc. from their customers. Some ISP's take the problem of port sniffing and probing quite seriously while others attempt to intimidate *you* into not complaining. They achieve this in various ways...One way is to Email you and tell you that as part of their attempt to solve your problem, they are forwarding your complaint to the person you are complaining about! Some even encourage you to contact the person to "work things out" on your own...yeah, that's just what I need...someone who may be trying to get into my computer to have my Email address and any of the other information that goes along with that. Bottom line is: It is not your job to contact these people...it is the job of the persons ISP to protect your interests. If you fail to get cooperation or satisfaction from their ISP, contact yours and request help.
Some things to remember:
If you complain to the persons ISP, make sure you include a copy of your firewall log and explain the entries if need be. ISP's sometimes act like they are ignorant of what a log looks like or what they mean, so spell it out for them. That way they have no excuse not to help you. Remember, many people on the internet are "newbies", and if you act like one, the ISP will assume you are one. Doing this also requires that YOU learn about exactly what you are seeing in your logs so that you do not waste your time and the time of the person thats trying to help you.
Make sure you specifically request that your Email and other information NOT be sent to the offending party as some ISP's, as part of the resolution process, forward your complaint directly to the offender.. As a general rule, to complain about someone to their ISP, you simply send an Email to the ISP abuse address which is often abuse@<their ISP> . net or .com. To find out what ISP they are using, you will likely have to check their IP address. This is pretty simple task and I recommend using Sam Spade for this purpose. Some things to remember when contacting offender ISP's:
Include the offenders IP address and your IP address. Indicate which one was the source IP and which one was the destination IP (should be your IP address). Be sure to include the date and time of the action. Make sure that you state what time zone you are in using GMT if you are out of the United States. This helps the ISP narrow down who it was that may have attacked you. Users of the Zone Alarm Personal Firewall should seriously consider using Zone Log Analyzer which can help you and the ISP make more sense from the information you are providing to them. It is available on my Virus information page.
Many people make the mistake of assuming that every "attack" is intentional or real. This is not the case (remember what we said about background Internet radiation earlier?) and I would NOT recommend that you contact an ISP unless the same person or address has attacked you at least 3 times in a 24 hour period.
Include the destination port on your computer and the associated use of that port (Trojan, NetBIOS, etc.) Many tech support personnel have no clue as to what port is for what with the exception of the dedicated ones like 21, 80, 110, 139 etc. A good source for Windows port assignments is here. Again, Zone Log Analyzer provides this information if you are using the Zone Alarm Firewall.
Always include the relevant portions of their Terms of Service (TOS) or their Acceptable Use Policy (AUP). You can usually find this on the web site of the ISP. Including this information can speed up the handling of your complaint as you have given the ISP everything they need to investigate your complaint further. You have provided :
1. The offenders IP address and your IP address.
2. Source port and destination port.
3. The relevant portion of their TOS or AUP.
4. (Optional) A copy of your firewall log which should have all of the aforementioned information plus additional data helpful to the ISP. This is the preferred choice.
Once you have filed your complaint, the ISP will likely contact you. Most Emails you get from ISP's are the "auto responder" type. If you get an Email from a real person, follow it up with a request to be kept informed. Give them a couple of days to get back to you and if they fail to do so, contact them again and request information. Stay on top of these guys. Sometimes they are very busy, and other times, they would rather just forget about you. Ensure that you read the response Email carefully as they often include specific instructions in regards to "port probes" and similar actions by their customers. It is often a different type of "abuse" Email address. Simply forward your previously sent Email to them. At one point, you will have to give up, but you should make sure that you have made every effort that you can to report the abuse committed by their customer.
If you decide that you would rather not risk the ISP sending your information to the offending party, you can complain through a web based Email such as Yahoo, Hotmail etc. Keep in mind however that your actual Email might give you more credibility.
If you are contacted by someone claiming to be the person you complained about, contact their ISP in Email, and if possible, by phone to report this. It should be considered harassment. You can reply to the person that contacted you and instruct them to never, ever contact you again. Keep a copy of the Email as proof that you warned them. Keep in mind that if you do reply, there is a chance that the offending person will now have even more information on you, so its up to you to decide how you wish to handle this. You can ask that the ISP contact them and request that they never contact you again, but the ISP is NOT a messenger service and no proof of this contact would be available to you should something arise.
This also brings up a very good point on additional security. If you are on AOL or a member of another ISP that uses profiles, your personal information (what you have decided to provide) can be visible to anyone. Using the various Instant Messaging services like ICQ or AOL Instant Messenger also causes a number of concerns. For more on this, read the SANS.org article provided here.
If your phone number is listed and published in your community, anyone that knows where you live and what your name is can find your phone number. I personally know of one woman that was "phone stalked" by a guy she met while online gaming. He managed to help destroy her marriage. This, of course, is very uncommon, but it is possible and something you should be aware of. For a nominal fee, your phone company can have your number made unlisted and unpublished which means you will not be in the information database or on any of the numerous "white pages" web sites. When you get a free homepage with your ISP, ensure that your profile information is kept out of their directory. Most have a checkbox for this purpose.
Be aware of hoaxes, chain letters, pyramid schemes and other scams.
If you have had a bad experience with your ISP, please email me.
All images and text are copyright 2000, 200, 2002 by
Steve Sprague. No part of this site can be reproduced without my consent.