Tuesday, December 14, 2004
Remember, honesty is the best policy
So deny everything
A few days ago I noticed that one of the systems I manage had had someone trying to hack into it for ten minutes," the reader wrote. "Hacking attempts occur almost daily but they're usually from compromised systems in the Far East or elsewhere overseas. Those attempts last less than a minute and appear to be via a script, as the interval between each failed attempt is almost always less than five seconds. In this case, the entries in my log file showed all 100-plus attempts were from a system on Adelphia.net's network. I always report these types of violations to the abuse contact on the ISP's WHOIOS record, with the individual lines from the log file. Nineteen hours after I reported the incident someone at Adelphia responded that the machine involved was not on their network and they could not help, directing me to other links to pursue the matter."
The reader found Adelphia's denial a little hard to believe. "I thought it strange that the system with a Fully Qualified Domain Name wasn't on Adelphia's network," he wrote. "I was wondering how a hacker had configured a reverse DNS lookup to falsely return an Adelphia.net FQDN when it wasn't an Adelphia system. I ran a ping against the full name and it returned the IP address. I then queried the WHOIS for that IP address and found it was in a block of addresses assigned to Adelphia. I copied all the information and replied to the Adelphia abuse address hoping for a response. Nothing."
Receiving no further response to his e-mails, the reader tried phoning Adelphia a few days later. Three phone calls were routed to tech support staff who said they couldn't help and were not sure who at Adelphia could. Finally on his fourth attempt he managed to get through to an Adelphia tech who would at least discuss the issue. "I explained the hacking attempts and provided her with the Adelphia incident number from their e-mail," the reader wrote. "I re-stated the IP address of the system used in the hacking attempt. After a minute or so she repeated what the e-mail had said -- the IP address of the system was NOT an Adelphia address. After explaining what the WHOIS tool was telling me and how a reverse DNS lookup was supplying the adelphia.net system, she conceded that it was in fact an Adelphia system. She put me on hold for a few minutes, then returned to say that the matter is under investigation."