Telkom Mobile claim that they cannot disconnect a user attacking other users

R

Reelix

Senior Member
Joined
Jun 24, 2008
Messages
597
Please Delete (Thread intention derailed)

Meh - Telkom Mobile are a useless bunch...

I had user 8ta-229-181-44.telkomadsl.co.za (IP: 197.229.181.44) browsing around my PC shares for 3 and a half hours and uploading 2 trojans (Which my AV happily nuked) in a most-likely automated fashion.

Seeing as how the connection was still active (Various monitoring programs, and Windows Resource Monitor), I decided to contact Telkom Mobile to tell them to inform said user to install an Anti Virus

After a quick session on their live chat site (1 line of text), they decided they couldn't help me, and decided to phone me. After being transferred to 3 different departments, the one technician decided that since the DNS name contained "telkomadsl" (Whom 8ta piggy back off, hence the name), decided to transfer me to their ADSL department whom happily informed me that it was a Telkom Mobile IP, and suggested I contact their mobile department (Whom had JUST forwarded me there in the first place).

Before this, I also decided to e-mail them, and they gave me the following useful advice:

http://i.imgur.com/omm4lzA.png

Which pretty much equates to "We don't really care - Deal with it yourself"
 
Last edited:
G

GoofySmurf

Expert Member
Joined
Dec 23, 2009
Messages
1,231
Reelix said:
Meh - Telkom Mobile are a useless bunch...

I had user 8ta-229-181-44.telkomadsl.co.za (IP: 197.229.181.44) browsing around my PC shares for 3 and a half hours and uploading 2 trojans (Which my AV happily nuked) in a most-likely automated fashion.

Seeing as how the connection was still active (Various monitoring programs, and Windows Resource Monitor), I decided to contact Telkom Mobile to tell them to inform said user to install an Anti Virus

After a quick session on their live chat site (1 line of text), they decided they couldn't help me, and decided to phone me. After being transferred to 3 different departments, the one technician decided that since the DNS name contained "telkomadsl" (Whom 8ta piggy back off, hence the name), decided to transfer me to their ADSL department whom happily informed me that it was a Telkom Mobile IP, and suggested I contact their mobile department (Whom had JUST forwarded me there in the first place).

Before this, I also decided to e-mail them, and they gave me the following useful advice:

http://i.imgur.com/omm4lzA.png

Which pretty much equates to "We don't really care - Deal with it yourself"
Click to expand...

Your computers and connection's security is your responsibility, I would strongly suggest you disable your shares. If you want to take it further open a case at the police station and they will get the all the information from telkom.

There is no firewalls running on their connections imagine the nightmare of managing this for their entire customer base with each user having different needs. Now imagine my friend pisses me off and I want to get back at him so I decide to report his IP to telkom for hacking my pc do you really expect them to disconnect the user with no proof or input from him. The user might even be a 70 year old gran that for some reason got her pc infected with a rootkit or a virus and its spreading through all the machines shares on the network.

Telkom will be breaking their own contract as well and be liable for legal action from the disconnected user.

Keep your expectations realistic.
 
M

Mr.Jax

Expert Member
Joined
Sep 22, 2009
Messages
1,460
:eek:
Reelix Secure your PC! I 100% agree with GoofySmurf.

How do you connect to the internet ? ADSL via USB, or PPPOE session initiated from your PC and not inside the ADSL router/modem ?

Not running any firewall software are you ?
 
R

Reelix

Senior Member
Joined
Jun 24, 2008
Messages
597
I find the responses in this thread curious...

I have an extremely locked down PC with a single public "Upload" folder that I use for LANs that gets permanently monitored extremely closely, as well as many other shared folders with read-only permissions (That people can copy off me if they so wish)

I do not run any Firewall software (Well, any that blocks connections anyways).

The majority of the responses in this thread have been how "Your security is your responsibility".

In my situation, it's akin to you being shot, you seeing who the person was who shot you, and the police claiming that it's your fault you got shot, and no - They will do nothing to catch the person (And everyone else (AKA: People in this thread) claiming the same)

It seems that the entire intention for creating this thread (AKA: Informing people that having detailed information about a local attacker and informing the people who CAN do something is fruitless) has been lost...
 
M

Mr.Jax

Expert Member
Joined
Sep 22, 2009
Messages
1,460
Reelix, a firewall really is necessary.

Hackers discover new exploits every day; without a firewall, you are at risk, no matter how much you've hardened your computer, no matter how up to date your pc's operating system/software/drivers/3rd party drivers/etc are.
(My adsl route log shows this all the time...loads of 'intrusion detections' .....all the time)

I would not connect my pc to the internet without it going through a firewall first.
 
P

Paul Hjul

Honorary Master
Joined
Aug 31, 2006
Messages
14,902
Maybe I am reading the situation too charitably but I see this differently:
The systems administrator for any given network is responsible for that networks security. For home users that often means a generally tech-illiterate person who switched the router on, but the default settings on PCs and routers tend to be reasonably secure against breaches originating on the Internet. If a home computer goes bonkers - mainly because of malware - it can cause network problems and will consume resources of the owner. That is there problem not the ISPs.

Telkom Mobile can only act against a user account if that user is breaching their AUP and they are restricted in monitoring traffic in various ways by law. Moreover who is Telkom to assume that a machine is misbehaving by transmitting data?

So the fact that a user is attacking you from ISP x's network is frankly irrelevant because preserving your account is your responsibility. If the user is misusing ISP x's network ISP x has a right to terminate that users session, moreover if ISP x allows their network to be misused chances are they are in breach of an AUP with any transit provider and often peering agreements. ISPs that don't play nice get put on blacklists by other ISPs - the Internet works like that.

So you should on establishing that an attack is coming from ISP x provide an indication to them of this such that they may enforce their AUP. You should strive to give them a proper abuse notification in line with http://www.rfc-base.org/rfc-6692.html but really an email to abuse@... saying: Hi, there appears to be problematic behaviour from one of your users - please see below:
This way Telkom's systems administrator can "rm-rf" the person misusing their network - almost every system's administrator I have ever met has an approach of booting misconfigured machines until they get themselves fixed. Telkom certainly can't close certain ports or anything of that nature as an act against a client at your request.
 
You must log in or register to reply here.
Top