RR.COM abusers

Vernon Schryver vjs@calcite.rhyolite.com
Tue Mar 9 14:28:16 UTC 2004


What should I do about the enclosed?  The RR.COM phone number has
only a recording saying they won't deal with abuse unless it originates
on their network.  From their recorded message, the only kind of security
problem they can conceive of is "port scanning."

I've dropped 24.242.0.0/15 into the common blacklist of the public DCC
servers.  Is that excessive or insufficient?


Vernon Schryver    vjs@rhyolite.com


> From: Road Runner Abuse <abuse@rr.com>
> To: Vernon Schryver <vjs@calcite.rhyolite.com>
> Subject: Re: DCC client at 24.242.145.130 or rrcs-sw-24-242-145-130.biz.rr.com

> Hello,
>
>
> Road Runner has received your e-mail, but is currently unable to process
> it further as it is missing some required information.  Road Runner will
> not accept logs that are not in plain text (ascii) format. Do not attach
> files to your e-mail. All logs must be included in the body of the 
> message.
>
> Your logs must contain the following information in order for Road 
> Runner to process them:
>
> Date of Incident
> Time of Incident
> Time Zone that logs are captured in
> Source IP Address or Host Name
>
> Please note, we are not able to take action on an account without being 
> able to substantiate "abuse"  allegations with documentation of one or 
> more violations of our Acceptable Use Policy (AUP). While a description 
> of the events is useful in determining the intent of the potential 
> abuser, it does not substitute for actual system logs which can provide 
> a reliable record of on-line activity. 
>
>
> Thank you for taking the time to contact Road Runner.
>
> - Road Runner Abuse [MG]
>
> Original Message Follows:
> ------------------------
> For at least several days, the DCC client at 24.242.145.130 or
> rrcs-sw-24-242-145-130.biz.rr.com has been making more than 480,000
> requests per day of the public DCC servers.  It is tripping the denial
> of service defenses in the public DCC servers.
>
> I cannot tell whether it has a misconfigured firewall on UDP port 6277
> or it is trying to check a bunch of mail with the DCC.  If it is 
> checking
> more than 100,000 mail messages/day, it should have a local DCC server
> connected to the global network of DCC servers.
>
> See http://www.dcc-servers.net/dcc/ concerning the DCC.
>
>
> Vernon Schryver    vjs@rhyolite.com
>



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.