Re: Easynet.co.uk null route a Trojaned DSL customer
dkona7b02 at sneakemail.com
Thu Dec 2 17:10:41 EST 2004
It is always nice to see a responsible ISP in action... Something
strikes me as a bit odd though. In the first paragraph they claim a
Trojan horse took over the machine and did so "without our
customer's knowledge, authorisation or permission." Yet first thing
they admit in the second paragraph is that they have not been able
to contact said customer... How can they claim the customer had
no knowledge if they haven't even talked with them about it?
Kudos to them if they actually follow through with the null routing!
At 09:49 PM 12/2/2004 +0000, Michael R N Dolbear typed:
>In reply to a spamcop complaint that
>dsl-212-135-217-67.dsl.easynet.co.uk (184.108.40.206) is an open proxy
>(Sat, Nov 27, 2004 at 03:52:46AM)
>Easynet Abuse Team replied 02 December 2004 00:49
>This incident arose as a result of a machine on our customer's network
>having become compromised by a Trojan horse program, which then allowed
>unscrupulous bulk emailers to install an insecure open proxy server on
>the machine in question, without our customer's knowledge,
>authorisation or permission.
>All attempts to contact our customer concerning this incident having
>failed, we have now raised an Operations ticket with a request to
>null route the IP address concerned in order to disconnect it from
>the Internet and to put an end to the abuse. This will be actioned
>within the next few hours. The null route will not be removed until
>such time as our customer is able to assure us that the vulnerability
>has been secured.
More information about the SpamCop-List