Exetel user attempting to log in (hack in) to my server

Open discussion regarding technological or telecommunication issues
Locked
pauld
Posts: 22
Joined: Thu Sep 08, 2005 4:43 pm
Location: Port Melbourne https://alond.com.au/
Contact:

Exetel user attempting to log in (hack in) to my server

Post by pauld » Mon Mar 10, 2008 6:09 pm

I run a web server and mailserver, NO P2P, and have the usual concerns with Russian Chinese and other hackers attempting multiple logins to my server.

Yesterday, an Exetel user attempted to do the same thing. (log files sent to Exetel via trouble ticket).

Exetels service desk response was "all we can do, is forward your email to the user".

I'm quite shocked, how about looking at this another way.

"Hey Mr. policeman, i've got the name and address of someone who attempted to break into my home, and I have proof".

"Oh, sorry mr homeowner, all I will do is send your complaint to the burgler".

I pay Exetel for the use of their network, and expect that they want me to follow their rules (quite correctly), So, I suppose that it's acceptable use policy that I can attempt to break into other Exetel users machines.

I would have at least thought that Exetel would treat this a little seriously.

I am not (at this stage), posting the offenders IP address.

A very surprised Exetel user.

NetworkAdmin
Posts: 559
Joined: Tue Jan 06, 2004 1:19 am
Contact:

Post by NetworkAdmin » Mon Mar 10, 2008 6:14 pm

The person on the helpdesk responded incorrectly. The policy is to forward the notice without comment.

You are right though, if you think someone is attempting to break into, or steal your property, you should inform the police.
Last edited by NetworkAdmin on Mon Mar 10, 2008 6:49 pm, edited 1 time in total.

pauld
Posts: 22
Joined: Thu Sep 08, 2005 4:43 pm
Location: Port Melbourne https://alond.com.au/
Contact:

Post by pauld » Mon Mar 10, 2008 6:26 pm

OK, there's obviously nothing I can do.

NetworkAdmin
Posts: 559
Joined: Tue Jan 06, 2004 1:19 am
Contact:

Post by NetworkAdmin » Mon Mar 10, 2008 6:45 pm

What response did you get from the operators of the other 10 IP addresses you listed in your log?

A one time attempt to access your system is far more likely to be an ssh session ip address typo than an actual hack attempt.

Even if it were, in almost all cases, the owner of the IP address the 'attack' is coming from is not the one responsible for the action. It is usually either a compromised PC being used in a bot-net or in some other way remotely controlled.

By forwarding your email to owner of the IP address, they can take action to fix the problem directly - which any responsible person would do.

Locked