ISP abuse notice

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
miken2av
New Member
Posts: 32
Joined: Wed Jul 20, 2011 10:30 am
Location: Birmingham, AL USA

ISP abuse notice

#1

Post by miken2av »

The ISP for our stake center has sent me an email. I checked the headers and it seems legit, though I haven't called them and I haven't called LDS Global Help desk. The message:

"Issue Description – A device on your network is capable of a network-impacting, distributed denial-of-service (DDoS) attack due to a flaw in the Network Time Protocol (NTP) on the device. Various commands in older versions of NTP can be easily exploited for malicious intent."

It goes on to list the evidence:
Issue Description: NTP (Port 123) Vulnerability
Vulnerable Port: 123
Vulnerable IP Address:
Timestamp: 2017-01-15 04:06:33 GMT

It includes the IP address of our connection to our ISP that I verified. We do have a static address.

The email gives instructions on updating NTP protocol on our server. We aren't running any servers. Just Windows 7 and 10 workstations.

I wouldn't think that the ISP could even see anything on our network with the Church Cisco Firewall in place. Could it be the firewall?

Another strange thing is the email sent to me was copied to a person (@xilec.com) at a company located in Draper, UT (I am in Alabama).

Any ideas? Seems like the higher tiers of support from the church are usually only available M-F 9 to 5, so may just wait to call until Monday.

Thanks
Michael STS
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: ISP abuse notice

#2

Post by russellhltn »

Try this: While on your church network, navigate to grc.com. Click on "ShieldsUp!" on the first two screens. Then "Proceed". Type in "123" and click "User Specified Custom Port Probe". I'd expect you to get "stealth".
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
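An added example, not part of any post in this thread: NTP runs over UDP port 123, so one way to check whether an address you are responsible for answers NTP is to send it an ordinary client time request and see whether a server reply comes back. The function names and the sample reply bytes are constructed for illustration.

```python
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def build_client_query(version=4):
    """48-byte NTP client request: LI=0, VN=version, Mode=3 (client)."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + bytes(47)

def parse_reply(data):
    """Decode the NTP header fields of a reply; None if it is too short."""
    if len(data) < 48:
        return None
    first, stratum = data[0], data[1]
    tx_seconds = struct.unpack("!I", data[40:44])[0]  # transmit timestamp
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,          # 4 = server reply
        "stratum": stratum,
        "unix_time": tx_seconds - NTP_EPOCH_OFFSET,
    }

def probe(host, timeout=3.0):
    """Return the parsed reply if host answers NTP on UDP 123, else None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_client_query(), (host, NTP_PORT))
            data, _ = s.recvfrom(512)
        except OSError:               # timeout, unreachable, refused
            return None
    reply = parse_reply(data)
    return reply if reply and reply["mode"] == 4 else None

# Constructed sample reply: VN=4, Mode=4, stratum 2, transmit time set
# to an arbitrary instant (Unix 1484453193).
SAMPLE_REPLY = (bytes([0x24, 2]) + bytes(38)
                + struct.pack("!I", 1484453193 + NTP_EPOCH_OFFSET) + bytes(4))

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = probe(target) if target else parse_reply(SAMPLE_REPLY)
    print(result if result else "no NTP reply within timeout")
```

A reply means something at that address is running an NTP service reachable from where the script was run; no reply only means nothing answered within the timeout.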
miken2av
New Member
Posts: 32
Joined: Wed Jul 20, 2011 10:30 am
Location: Birmingham, AL USA

Re: ISP abuse notice

#3

Post by miken2av »

I did get Stealth as the result.

Also found out that xilec is a company that handles some billing for the church so they are on the account.
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: ISP abuse notice

#4

Post by russellhltn »

Wild speculation: might be what the ISP has noticed is that something on the network is using an old NTP protocol. It's not reachable from the outside, but if someone were to attack from within, then it could flood the internet. A quick Google shows a couple of people have received notices from Zen Internet.
miken2av
New Member
Posts: 32
Joined: Wed Jul 20, 2011 10:30 am
Location: Birmingham, AL USA

Re: ISP abuse notice

#5

Post by miken2av »

In talking to our Facilities Manager they have gotten several of the notices, all from the same ISP. Charter / Spectrum. The other issue here is the "threat" they give if it isn't resolved:

"Please be advised that Spectrum’s Acceptable Use Policy (AUP) explicitly prohibit actions, whether intentional or unintentional, that disrupt Charter’s network. These policies are available on https://www.charter.net/page/terms-of-service-policies/ for your convenience.

Repeated events and/or complaints pertaining to this network abuse issue may result in an interruption of your service."
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: ISP abuse notice

#6

Post by russellhltn »

miken2av wrote: In talking to our Facilities Manager they have gotten several of the notices
Which makes me wonder - what devices does FM have connected to the network? They may be what's triggering the notice. Things like thermostats, sprinkler timers, etcetera will likely make time requests and are notorious for not getting software updates. These things may pre-date the phrase "Internet of Things" (IoT), but that's what they are.

I can't rule out something on the router, but it would be something of a major cringe for the church's networking department to let them get that far out of date. However, when it comes to FM's devices ....

Note that insecure IoT devices are now a major concern to ISPs and the biggest threat to the Internet itself. 10 things to know about the October 21 IoT DDoS attacks. Unfortunately, many users and companies don't see a problem with their unsecure devices because "hey, it works".
rknelson
Member
Posts: 124
Joined: Tue May 01, 2007 3:13 pm
Location: Oregon

Re: ISP abuse notice

#7

Post by rknelson »

miken2av wrote: Another strange thing is the email sent to me was copied to a person (@xilec.com) at a company located in draper UT (I am in Alabama)
Xilec is a contractor the church uses to pay ISPs. Supposedly they monitor the bills and look for better deals. In fact, I don't think they do anything except pay the bills. If you check the address you will find it is a residential address.