Incompetent ISPs


I see many attempts to attack my server via SSH or HTTP every day. I automatically blackhole most of them and that’s the end of it. However, two days ago a server on linode.com started pounding on my SSH service. I reported the attack since Linode is an ISP in the US and might actually act on my report. Imagine my surprise when I actually received an email from a human acknowledging my report. Sadly, the human appears to be incompetent at their job. They said:

I did a search and was unable to find a customer in our system utilizing IP address: 72.14.1817.62. It seems like this address is/was not in use by any servers on our network.

Which is rather surprising since I can ping the address (note the human wrote “72.14.1817.62” when they presumably meant “72.14.187.62”). Furthermore, nmap reports the machine is running an SSH and HTTP server. Executing “curl http://72.14.187.62” returns a web page with a lot of Chinese text and hostnames that route to IP addresses in China. It’s pretty obvious there is a malware-infected machine on their network. So I sent a reply saying as much (but with more detail).

Perhaps the Linode.com support staff will surprise me and realize they need to dig a bit deeper. But I’m not going to hold my breath.