ISPs and hackers



Mike Z. Helm
12/8/2004 6:25:45 PM


I just got an alert from my firewall that someone was attempting to hack
my computer.
I looked up the address, and it belongs to my ISP (Cox).
So, I called them to inform them and they told me I should be safe since
I have a firewall.
I told them, that's not good enough because I'm sure they have policies
against using their service to hack other people's computers. I expect
them to use the IP address to figure out who it is and take appropriate
actions.
It seems to me that either one of their customers is a hacker or one of
their customers' computers has been compromised by a hacker who is using
it to launch attacks.
She put me on hold and came back telling me to email abuse@cox.net
(which I suspect is a black hole).
What are the legal ramifications here?
I assume they've included wording in our agreement that they aren't
responsible for hacker attacks, but would that hold any water if they
had been informed that their network was being used to launch the
attacks and they did nothing?
Suppose that later on, this hacker actually causes someone (not
necessarily me) some damage.
What could they use in their defense were a civil suit to result from
something like that?
I'm pretty sure there are laws requiring public companies to keep copies
of communications that they initiate (inter-company email). Or am I
mistaken?
But such laws probably wouldn't apply to the email I sent them, even
though I'm their customer. Or do they?
--
There's no way to delay that trouble comin' everyday
 
 
gordonb.sker3@burditt.org (Gordon Burditt)
12/9/2004 6:28:07 AM


> I just got an alert from my firewall that someone was attempting to hack
> my computer.
Trying to hack your computer, or just port scan? There is a
difference. Police will arrest someone banging on your front door
with a crowbar. I doubt they will arrest someone for having their
hand on the doorknob of your front door, even if you and I both
suspect the guy was testing to see if it was locked.
> I looked up the address, and it belongs to my ISP (Cox).
> So, I called them to inform them and they told me I should be safe since
> I have a firewall.
> I told them, that's not good enough because I'm sure they have policies
> against using their service to hack other people's computers. I expect
> them to use the IP address to figure out who it is and take appropriate
> actions.
As a practical matter, at least 10% of all Windows machines are
infected with at least one virus, and I tend to think that the
real number is somewhat over 50%. Most of those are out probing
other machines to infect. Oh, yes, systems other than Windows
get hacked also.
> It seems to me that either one of their customers is a hacker or one of
> their customers' computers has been compromised by a hacker who is using
> it to launch attacks.
If only it was less than half ...
> She put me on hold and came back telling me to email abuse@cox.net
> (which I suspect is a black hole).
They need the IP address, and the date and time (AND TIME ZONE) of
the incident (needed especially if it's a dialup line), and evidence
of the incident (firewall log), which sometimes suggests which
virus is involved. Did you give them that information?
Don't expect to be told the results of any investigation (which,
at best, will be that a customer is identified, told to clean up
the virus in their system, they actually DO it, and they click on
the next email virus in their INBOX, and get reinfected again).
There are privacy issues of telling YOU who it was or accusing them
of hacking when it was simply a virus (and given their pervasiveness,
it's hard to assign 100% blame to the owner of the infected computer).
A lot of these firewalls are really stupid and generate lots of
false alarms. For example, there are lots of reports of systems
being attacked by the ISP's DNS servers. Why? Well, usually it
involves the "victim" machine asking the ISP's DNS servers a question,
getting a little impatient (when the servers are slow) and asking
again, getting the FIRST answer, and then considering the SECOND
answer as an attack. The same sort of thing can often happen with
mail and news and the web if you get a dialup line which the previous
user abruptly disconnected from, or if packets get retransmitted.
> What are the legal ramifications here?
If Cox (or any ISP) tried to track down all these problems and
outsourced the job to the Chinese, they'd run out of Chinese.
What did this attacker (person or virus) actually DO that was
threatening or harmful? 10 probe packets in an hour, from someone
who might have mistyped an IP address, isn't much of a threat.
10,000 packets an hour likely hurts your ability to use the net,
and is much more serious. Attempting to log in to some service
your computer actually HAS and guess passwords is much more threatening
than trying to connect to a closed port. And, of course, actually
GETTING in and altering your system is worse still.
Now, I'm not saying that port scanning and such activities are
harmless. Neither is jaywalking (well, there will be complaints
that this is a "victimless crime") or re-using postage stamps. But
hopefully they focus their limited staff on the serious problems.
And remember, people can mistype IP addresses or host names.
And it's very difficult to convict and jail a virus, even if the
author has already been caught and executed (something I don't think
has ever happened, unfortunately).
> I assume they've included wording in our agreement that they aren't
> responsible for hacker attacks, but would that hold any water if they
> had been informed that their network was being used to launch the
> attacks and they did nothing?
The user agreement doesn't apply if the victim is not their
customer. Things get even messier if the attacker is in
a different country from the victim.
If you had serious evidence of an actual malicious attack
(like sustained dictionary attacks against a remote login),
you notified them, and the attack continued, and they still
did nothing, and eventually you suffered real damages, they might
be liable. A firewall log of one or a couple dozen packets
does not make evidence of a malicious attack. It's also not
evidence that a still-living person was directing the activity.
> Suppose that later on, this hacker actually causes someone (not
> necessarily me) some damage.
> What could they use in their defense were a civil suit to result from
> something like that?
They might use records that indicated they found the half dozen customers
that you reported and terminated their accounts, and that this one
was not one you (nor anyone else) had reported yet.
They might claim that they didn't write the virus and are not liable.
They might claim that there are too many viruses to be able to get
all the infected customers but they have insisted that a lot of
customers clean up their systems or their account is terminated.
> I'm pretty sure there are laws requiring public companies to keep copies
> of communications that they initiate (inter-company email). Or am I
> mistaken?
I doubt it. Do YOU have to keep copies of stuff YOU initiate (like
ordering stuff by mail)?
If you wish to keep your own file of correspondence with them, by
all means do so. And if you have a really serious problem,
follow up email with registered mail, return receipt requested,
and keep your own copies of correspondence.
> But such laws probably wouldn't apply to the email I sent them, even
> though I'm their customer. Or do they?
Gordon L. Burditt
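
The triage described in the post above, as an added example that is not part of the original thread: it normalises timestamps to UTC, sets aside late duplicate DNS answers as likely false alarms, and summarises what remains per source for an abuse report. The log format, the 30-second DNS window and the sample addresses (documentation ranges) are assumptions made for the example; the 10,000 packets-per-hour default is the figure from the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in a hypothetical log format; addresses are documentation ranges.
SAMPLE_LOG = """\
2004-12-08T18:25:40-07:00 OUT UDP 192.0.2.10:1044 -> 198.51.100.53:53 ALLOWED
2004-12-08T18:25:42-07:00 OUT UDP 192.0.2.10:1044 -> 198.51.100.53:53 ALLOWED
2004-12-08T18:25:43-07:00 IN UDP 198.51.100.53:53 -> 192.0.2.10:1044 ALLOWED
2004-12-08T18:25:45-07:00 IN UDP 198.51.100.53:53 -> 192.0.2.10:1044 BLOCKED
2004-12-08T18:30:01-07:00 IN TCP 203.0.113.7:3312 -> 192.0.2.10:135 BLOCKED
2004-12-08T18:30:02-07:00 IN TCP 203.0.113.7:3313 -> 192.0.2.10:445 BLOCKED
"""


def parse(line):
    """Split one log line and normalise its timestamp (with zone offset) to UTC."""
    ts, direction, proto, src, _, dst, action = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"when": datetime.fromisoformat(ts).astimezone(timezone.utc),
            "dir": direction, "proto": proto, "action": action,
            "src": sip, "sport": int(sport), "dst": dip, "dport": int(dport)}


def triage(log_text, dns_window=timedelta(seconds=30), high_rate=10_000):
    """Return (per-source summary of blocked inbound packets, DNS false alarms)."""
    queries = {}                 # (resolver IP, local port) -> time of our last query
    hits = defaultdict(list)
    false_alarms = []
    for ev in map(parse, log_text.strip().splitlines()):
        if ev["dir"] == "OUT" and ev["proto"] == "UDP" and ev["dport"] == 53:
            queries[(ev["dst"], ev["sport"])] = ev["when"]
        elif ev["dir"] == "IN" and ev["action"] == "BLOCKED":
            asked = queries.get((ev["src"], ev["dport"]))
            if (ev["proto"] == "UDP" and ev["sport"] == 53 and asked is not None
                    and timedelta(0) <= ev["when"] - asked <= dns_window):
                false_alarms.append(ev)   # second answer to a query we retried
            else:
                hits[ev["src"]].append(ev)
    summary = {}
    for src, evs in hits.items():
        first = min(e["when"] for e in evs)
        last = max(e["when"] for e in evs)
        # Rate is averaged over the observed span, but never less than one hour.
        hours = max((last - first).total_seconds() / 3600, 1.0)
        rate = len(evs) / hours
        summary[src] = {"count": len(evs),
                        "first_utc": first.isoformat(),
                        "last_utc": last.isoformat(),
                        "ports": sorted({e["dport"] for e in evs}),
                        "per_hour": rate,
                        "verdict": "sustained" if rate >= high_rate else "probe"}
    return summary, false_alarms


def abuse_report(summary):
    """Format the fields an abuse desk needs: source IP, UTC times, evidence."""
    return "\n".join(
        f"{src}: {s['count']} blocked packets, {s['first_utc']} to {s['last_utc']} "
        f"(UTC), destination ports {s['ports']}, {s['verdict']}"
        for src, s in sorted(summary.items()))


if __name__ == "__main__":
    report, ignored = triage(SAMPLE_LOG)
    print(abuse_report(report))
    print(f"{len(ignored)} late DNS repl(ies) set aside as likely false alarms")
```
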
 
 
"Richard"
12/9/2004 12:37:36 AM


Mike Z. Helm wrote:
> I just got an alert from my firewall that someone was attempting to hack
> my computer.
Oh look! Yet another whining fool who thinks some fool is hacking his
computer.
Sheeesh dude. I get pinged from my ISP constantly.
I don't worry about it. I let zone alarm do its job and forget about it.
Hell, in the past 15 minutes I've been pinged by my ISP 5 times.
You don't have that little pop up alert thingy turned on do you?
If you do, shut the damn thing off and go back to work.
 
 
"John D. Goulden"
12/9/2004 9:57:49 AM


> I just got an alert from my firewall that someone was attempting to hack
> my computer.
You'll have to be a lot more specific here. What do you mean by hack? Was
this just a port scan or some more significant attempt to exploit your PC?
Because I run an email server on my (commercial) ISP account, my ISP
frequently probes my email server to make sure I'm running a secure system
(no open relays, that sort of thing). If I wasn't, I'd get a testy phone
call from their tech support or lose my email server privileges altogether.
This was part of the contract with the ISP and it doesn't surprise me a bit
to see those checks show up in my server logs.
Why not just follow their advice and email abuse@cox.net? Can't do any harm.
--
John Goulden
 
 
Mike Z. Helm
12/9/2004 5:27:40 PM


On Thu, 9 Dec 2004 00:37:36 -0600, "Richard" <Anonymous@127.001> wrote:
> Mike Z. Helm wrote:
> Oh look! Yet another whining fool who thinks some fool is hacking his
> computer.
> Sheeesh dude. I get pinged from my ISP constantly.
You know no more about networks than you do about law apparently.
> I don't worry about it. I let zone alarm do its job and forget about it.
> Hell, in the past 15 minutes I've been pinged by my ISP 5 times.
> You don't have that little pop up alert thingy turned on do you?
> If you do, shut the damn thing off and go back to work.
--
There's no way to delay that trouble comin' everyday
 
 
"Richard"
12/9/2004 7:54:31 PM


Mike Z. Helm wrote:
> On Thu, 9 Dec 2004 00:37:36 -0600, "Richard" <Anonymous@127.001>
>> Mike Z. Helm wrote:
>>> I just got an alert from my firewall that someone was attempting to
>>> hack my computer.
>> Oh look! Yet another whining fool who thinks some fool is hacking his
>> computer.
>> Sheeesh dude. I get pinged from my ISP constantly.
> You know no more about networks than you do about law apparently.
I run zone alarm and look at the log sheet every now and then.
I see my isp is listed and they do run pings daily.
I know the difference between a port scan and a ping.
All I care about is that I don't get hacked.
 
 
"ChaosBlizzard"
12/12/2004 3:14:26 AM


They aren't legally responsible for anything someone else uses their service
for.
Being on the internet will let your computer talk and communicate with
anything it can. Computers by default are designed to communicate and be
very open. You have to "tell it" that you don't want it to accept any
incoming connections without approval.
I suggest you use "Sygate Personal Firewall", or better yet, purchase their
pro version.
Usually those so called hacker attempts are nothing more than
computers/nodes/script kiddies using port scanners.

 
 
"ChaosBlizzard"
12/12/2004 3:16:51 AM


It is fact that more than 80% of Internet enabled machines have NO
anti-virus.
So yes, that number is MUCH higher.
I recommend NOD32.
On a side note I am a Computer Techi. I am currently attending ITT-Tech for
Computer Networking. I have also had training with CISCO.
Good luck

 
 
"ChaosBlizzard"
12/12/2004 3:18:57 AM


Also, most ISPs are required to maintain records for at least 7 years.
This varies, as some states only require records to be kept for a matter of
months.

 
 
"Arthur L. Rubin"
12/13/2004 10:10:54 AM


ChaosBlizzard wrote:
> Also, most ISPs are required to maintain records for at least 7 years.
> This varies, as some states only require records to be kept for a matter of
> months.
Most? This presumes that the ISPs are based in a country or state
which DOES require records be kept, which is not a fact in
evidence.
 
 
"ChaosBlizzard"
12/13/2004 3:45:06 PM


So records aren't facts? Interesting...


"Arthur L. Rubin" <ronnirubin@sprintmail.com> wrote in message
news:41BDDB2E.BEDFB5D0@sprintmail.com...

> ChaosBlizzard wrote:
> Most? This presumes that the ISPs are based in a country or state
> which DOES require records be kept, which is not a fact in
> evidence.
 
 
"Arthur L. Rubin"
12/14/2004 11:47:40 AM


ChaosBlizzard wrote:
> So records aren't facts? Interesting...
Well, you're still an idiot, but....
Records are not facts. Records may CONTAIN facts (or not).
and....
Learn to read. I wrote:
> This presumes that the ISPs are based in a country or state
> which DOES require records be kept, which is not a fact in
> evidence.
Unless you're one of the detaxers, this clearly means:
Consider the following statement:
"(T)he ISPs are based in a country or state which DOES
require records to be kept."
You're presuming that, and IT is not a fact (in evidence).
 
 