[kwlug-disc] Mysterious filtered ports on a server
Paul Nijjar
paul_nijjar at yahoo.ca
Wed Oct 26 14:40:01 EDT 2016
Script kiddies install IRC on compromised machines, and then use it to
check into command and control servers. Rogers has (had?) deep packet
inspection that would sniff out this traffic.
We got caught by this, and then Rogers shut us down. Fair enough,
except that Rogers refused to give us any information (including the
remote IP!) about the problematic connection. When we begged for some
information to help us troubleshoot, they told us that they were not
responsible for managing our network. So we just shut down IRC
traffic. That does not solve the problem of our networks being
infected (which we have tried to address in other ways) but at least
it gets Rogers off our backs.
Of course, this was the bad old days. Supposedly Rogers is much more
accomodating now, and people never ever end up in tears after making
service calls to the company. I know this because they spam our
business account telling us how much they have improved.
- Paul
On Wed, Oct 26, 2016 at 06:16:02PM +0000, CrankyOldBugger wrote:
> Why would Rogers shut you down for IRC? They have something against people
> chatting with each other?
>
More information about the kwlug-disc
mailing list