So, most internet providers have an email address where "abuse" complaints are sent. This is the place where systems administrators can send an email saying "this IP address in your network has a virus" or "this IP address in your network is scanning our systems for vulnerabilities."
Verizon (being an ungodly huge provider) is no different. They also have an address. It's abuse@verizon.net. However, when emailing them about several hundred worm infected systems scanning our networks, my email bounced back to me saying "you're not whitelisted... go to http://blahblahblahblah and jump through these hoops while dancing an irish jig to send us email."
So I jumped through thier hoops. Sending reports like this is part of my job. I mean, chances are they'll ignore them, but I have to at least have put forth the effort to report problems to them. After jumping through thier multi-day hoop hopping process, I resend the abuse reports. Boing. They bounce right back to me.
Apparently, Verizon is taking the "head in the sand" approach to security problems in thier networks. I can just picture a dilbert-esque pointy-haired-boss somewhere who said "We're getting how many thousand emails per week about worms and stuff? What if we made it really hard for people to tell us about problems... then we'd have less overhead, right?" This would be followed by the PHB leaving the meeting thinking "I fixed the internet."
Bravo Verizon. We don't mind your virus infected, worm-fodder customer base constantly filling our logs with thier trash.
I think I'll print out the 300,000 IDS alerts from thier networks in 28 point font and ship them to verizon headquarters in document storage boxes.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment