Re: Comcast.net abuse contact?

From: Chris Wilkes (cwilkesat_private)
Date: Wed Jan 16 2002 - 09:24:05 PST

Next message: Tom Laermans: "Re: Comcast.net abuse contact?"

Previous message: Misechok Mike J: "RE: Comcast.net abuse contact?"
In reply to: rootat_private: "Comcast.net abuse contact?"
Next in thread: Tom Laermans: "Re: Comcast.net abuse contact?"
Reply: Tom Laermans: "Re: Comcast.net abuse contact?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 16, 2002 at 09:20:08AM -0500, rootat_private wrote:
> Hello,
> 
> Does anyone out there have a valid abuse reporting contact for the
> comcast.net domain?  Comcast is a cable internet provider who owns both the
> comcast.com and comcast.net domains.  Their customers often appear in my
> firewall logs attempting massive port scans, probes for trojans... your
> usual "script kiddie on a broadband connection" type of stuff.
> 
> Their Web sites feature mostly inane drivel and marketing promotions,
> providing nothing useful in the way of company contact details.  I sent
> reports of their users abusing my firewall only to have emails to
> abuseat_private and abuseat_private bounce back to me.
> 
> Anyone have the valid abuse email?  Perhaps a phone number?

You might want to bring it up on http://www.rfc-ignorant.com .  I'm not
sure if they contact the company for you or it is just a listing of
companies that do not have standard email addresses like "abuse" and
such.

Comcast.net was reported on Jan 8th of this year where both the abuse
and postmaster addresses bounced.

On a related note I've been lucky and haven't had a port scan since I
started logging all dropped packets on my firewall.  The only things
that come my way (ISP is Speakeasy in Seattle) is Code Red and Nimda.

Once in a while I get weird stuff where they ask for a remote webserver:

61.170.140.72	[24/Dec/2001:21:06:09 -0800] "GET http://www.s3.com/
200.83.32.13	[26/Dec/2001:20:49:16 -0800] "GET http://www.google.com/
217.168.67.121	[01/Jan/2002:00:50:45 -0800] "GET http://www.s3.com/
218.21.77.29	[03/Jan/2002:20:58:16 -0800] "GET http://www.yahoo.com/
61.142.242.236	[14/Jan/2002:10:09:45 -0800] "GET http://www.spedia.net/

Anyone know what's up with that?

Chris

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Tom Laermans: "Re: Comcast.net abuse contact?"
Previous message: Misechok Mike J: "RE: Comcast.net abuse contact?"
In reply to: rootat_private: "Comcast.net abuse contact?"
Next in thread: Tom Laermans: "Re: Comcast.net abuse contact?"
Reply: Tom Laermans: "Re: Comcast.net abuse contact?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 12:51:21 PST