RE: [Nolug] Tons of DHCPREQUEST messages in syslog

From: Jerald Sheets <questy_at_captured.com>
Date: Wed, 9 Jan 2002 07:30:22 -0600
Message-ID: <000801c19911$ca45f280$0a00a8c0@ranch>

Well, Charles, that's not the issue. You see, I worked in the CMTS
division of 3Com corporation last year. I have been resident in the main
Sprint NOC, and worked alongside the managers of the largest IP network
in the world. @Home (in general) has done things to me that no customer
should have to deal with.

If you need to manage some IP addresses, then utilize private IP space.
Yes, a major undertaking, but nevertheless effective.

I don't mind when services *change*, but don't take away previously
available stuff. Frankly, Cox's problem children typically are *NOT*
LUGgers. (or any such industry professional) That's why Roadrunner
made an account specifically for us. My problem, it seems, is with
@Home management, because every time I've gotten to know a tech (like
you) I have had new hope that one day @HOME would be helpful, friendly,
and usable.

As for the whole redirector thing, you *do* realize there are no less
than 50 scripts out there that can run SLEEP 500 and change the DNS info
as often as you can set leases? They already exist, and I believe it's
a losing battle to be fiddling with. Instead, concentrate on hunting
down all these port scanners just on the @HOME network. With the
management tools you are soon to have in place, any NIC in promiscuous
mode should be fair game to you for a "stop it or be cut off" message.
I have had more problems on this network with systems in the @HOME
network doing things which most definitely *ARE* against AUP and are
intrusions on my system. My Syslog needs cleaning and logrotating
every 4 hours now *JUST* for the portscanners and from:

UDP scan from host: ha1.svc1.okc1.ok.home.com/24.4.96.70 to UDP port: 68
attackalert: Host: authorized-scan1.security.home.net/24.0.0.203 is
already blocked Ignoring (which I don't really have a problem with)

My messages file:

-rw------- 1 root root 720996 Jan 9 08:30 messages

was created this morning, and I already have

[root@sheepdog log]# grep okc1 messages |wc -l
   5556

Five THOUSAND!!!! Scans from this beast. This screams misconfiguration
at the network engineering level. In other words, if simple problems
(portscanners, NICs in promiscuous mode, the authorized News server
scanner listed above) were run, and a complete network audit were done
from the top down, then by the time you got to us (not *YOU*, but Cox)
then it'd be very easy to serve the customer. In my case, I just
continually feel shafted by @HOME "Because we can". That's one of the
reasons I'll be leaving this town *YET AGAIN* to pursue career interests
outside of this horribly backward state.

Don't take it personally! Comcast would be a good model (Virginia) to
follow. They left us the hell alone. They kept to themselves. They
only checked the news server ports, and then minded cable plant and
infrastructure issues without bugging us needlessly. Hell, my tech in
Woodbridge, VA called *ME* for help because he knew I worked on the 3Com
cable plant (CMTS) equipment he had, and that I'd gladly do a favor for
him. I got 3 months free out of the deal, and (once again) left alone.

Sorry you got the spew on that, but this is a *management* problem that
you have no control over. We at 3Com told @Home (the sites using our
stuff, anyways) how to eliminate all the crap on their network, but they
were too busy having middle-management meetings and figuring out more
ways to suck extra money from the users to work out a way to give
excellent versions of the service they already sold.

Thanks for listening, although I understand if nobody can do anything
about it.

--JMS

-----Original Message-----
From: owner-nolug@patientcarerx.com
[mailto:owner-nolug@patientcarerx.com] On Behalf Of HSI System Engineer
Sent: Tuesday, January 08, 2002 10:45 PM
To: nolug@patientcarerx.com
Subject: Re: [Nolug] Tons of DHCPREQUEST messages in syslog

Jerald,

Sorry you had so much trouble with the @Home abuse system. Cox will
strive to enforce all abuse policies and take a proactive role in making
these types of activities minimal.

Charles

___________________
Nolug mailing list
nolug@nolug.org
Received on 01/09/02
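
Added example, not part of the original messages: a per-source, per-port tally of the alert lines, one step beyond the `grep okc1 messages | wc -l` count in the reply above. It assumes PortSentry-style `attackalert:` lines behind a standard syslog prefix; the timestamps, PIDs, the `dhclient` line and `host.example.net/192.0.2.15` are constructed.

```shell
#!/bin/sh
# Constructed sample input. The home.com and home.net hosts are the ones
# quoted in the post; timestamps, PIDs and all other values are made up.
sample_log() {
cat <<'EOF'
Jan  9 08:01:02 sheepdog portsentry[612]: attackalert: UDP scan from host: ha1.svc1.okc1.ok.home.com/24.4.96.70 to UDP port: 68
Jan  9 08:01:02 sheepdog dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67
Jan  9 08:01:07 sheepdog portsentry[612]: attackalert: UDP scan from host: ha1.svc1.okc1.ok.home.com/24.4.96.70 to UDP port: 68
Jan  9 08:02:11 sheepdog portsentry[612]: attackalert: Host: authorized-scan1.security.home.net/24.0.0.203 is already blocked Ignoring
Jan  9 08:03:30 sheepdog portsentry[612]: attackalert: Connect from host: host.example.net/192.0.2.15 to TCP port: 111
Jan  9 08:04:45 sheepdog portsentry[612]: attackalert: UDP scan from host: ha1.svc1.okc1.ok.home.com/24.4.96.70 to UDP port: 68
Jan  9 08:05:00 sheepdog portsentry[612]: attackalert: Host: authorized-scan1.security.home.net/24.0.0.203 is already blocked Ignoring
EOF
}

# Print "count source proto/port" (or "count source already-blocked"),
# busiest first. Reads the files given as arguments, or stdin if none.
scan_summary() {
    awk '
    /attackalert:/ {
        src = ""; key = ""
        for (i = 2; i < NF; i++) {
            # "host:" marks a new alert, "Host:" a repeat from a blocked source
            if ($i == "host:" || $i == "Host:") src = $(i + 1)
            # the word before "port:" is the protocol, the one after is the port
            if ($i == "port:") key = $(i - 1) "/" $(i + 1)
        }
        if (src == "") next
        if (key == "" && /already blocked/) key = "already-blocked"
        if (key != "") n[src " " key]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host: scan_summary /var/log/messages
sample_log | scan_summary
```

UDP port 68 is the DHCP client port, so a per-port breakdown like this helps separate lease traffic from other probes when deciding what to block or exclude.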
