Talk:Shaw Communications
From Wikipedia, the free encyclopedia
Contents |
[edit] An email from Shaw Communications
After contacting Shaw Communications by email it appears they know of the problem via this cited source:
Wednesday, June 11, 2008 9:46 AM Thank you for your report of abuse but in this case there are some details you should be aware of.
The “attacks” you are seeing on your system are not attacks per se. Although we cannot say definitively without seeing the logs of your firewall, we have seen dozens of similar reports over the past few months with exactly the same symptoms.
Most of the IP addresses reported to us are not currently in use nor have they even been assigned to any device in the past 90+ days. You are likely also seeing probes from many other random IPs within the 24.64.X.X range. All of these probes will be UDP. All of the probes will be directed at ports 1026, 1027 & 1028 on your computer. All of them are spoofing their origin.
This traffic is NOT originating from Shaw's network.
What is actually happening is that there is an unscrupulous advertiser which is spoofing Shaw IP addresses in the 24.64.0.0/16 range and is trying to send messenger pop-ups to computers in order to dupe people into buying a product. It has been quite a thorn in our side because it is falsely indicating Shaw customers are at fault for the traffic.
Your security software is smart enough to deflect these probes but not smart enough to know what is really going on. Each probe it sees is interpreted as an attack on your system and you are notified accordingly. Understandably, this can be quite alarming but, in this case, is actually nothing to be concerned with. In the future, any UDP probes you see from 24.64.X.X IPs on ports 1026, 1027 & 1028 can be ignored. Please do keep us apprised of ANY other attacks you may see from Shaw IP addresses.
If you have any further questions or comments please do not hesitate to contact us.
—Preceding unsigned comment added by 12.183.1.81 (talk) 01:25, 12 June 2008 (UTC)
[edit] Wikilinks
This page has way too many Wikilinks in my opinion. It is starting to look a bit messy.
[edit] Removed extraneous templates
This article has six different templates at the top, 5 of which I removed. There were three different templates indicating that citations were required; I left one, but didn't think 3 were necessary. There was a template indicating NPOV, one indicating original research, and another indicating weasel words, none of which I could find in the article or find any reference to on the talk page. If those who added these templates can explain why they were there, please re-add them. But having them there without any explanation is confusing and clutters the page. —PurpleRAIN 14:46, 12 March 2008 (UTC)
[edit] "Compromised Network" paragraph
After reading the article you cited, I have again removed the paragraph from the Shaw Communications article. The article does not meet the criteria mentioned in Wikipedia:Verifiability, specifically here. The article is self-published, and so poorly written as to make it difficult to understand what claims are in fact being made. Based on this article, it is certainly inaccurate to title the section "Compromised Network." I attempted to rewrite the paragraph based on information contained in the article, removing words like "notorious" and "should" and ended up with very little. If there is in fact a problem with botnets on Shaw's network, this should be reported, but in a more neutral way. I haven't yet seen anything to convince me that this is the case, however. —PurpleRAIN 22:03, 27 May 2008 (UTC)
- Here is the link to the article cited, in case anyone in interested: [1] —PurpleRAIN 22:08, 27 May 2008 (UTC)
I believe that you are wrong in claiming that the article mentioned does not meet the Wikipedia:Verifiability and I have reinstated the paragraph.
The article you describe as self published and so poorly written is academic research by a P.H.D candidate out of Northwestern University. The author has presented papers at international and local conferences of the IEEE (Institute of Electrical and Electronics Engineers). The citation mentioned is also the second chapter of the book: Botnet Detection: Countering the Largest Security Threat Edited by Wenke Lee, Edited by David Dagon, Edited by Cliff Wang
Format: Hardback, 300 pages, Approx. p. 20 illus. Collection: Advances in Information Security v. 36 Pub. Date: 30-Nov-2007 Publisher: Springer-Verlag New York Inc. ISBN-10: 0387687661 ISBN-13: 9780387687667
"Description (of the book)
Botnets have become the platform of choice for launching attacks and committing fraud on the Internet. A better understanding of Botnets will help to coordinate and develop new technologies to counter this serious security threat. Botnet Detection: Countering the Largest Security Threat, a contributed volume by world-class leaders in this field, is based on the June 2006 ARO workshop on Botnets. This edited volume represents the state-of-the-art in research on Botnets. It provides botnet detection techniques and response strategies, as well as the latest results from leading academic, industry and government researchers. Botnet Detection: Countering the Largest Security Threat is intended for researchers and practitioners in industry. This book is also appropriate as a secondary text or reference book for advanced-level students in computer science."
I don't want to be insulting but I think that you do not have enough education to properly understand the issue and act as an editor in regards to this matter. I do appreciate you challenging me to improve my contribution and I will work on addressing some of your concerns. A botnet is a compromised network, and verifiable data shows that Shaw Communications is a world leader in generating botnet traffic.(see the chart on pg. 11)This data is consistent with raw data reported by internet security organizations.
The use of "should" & "notorious" My use of these words do not reflect a bias against Shaw Communications. The word should is used in Wikipedia article Morchella (Morel)in regards to precautions. Requesting a citation on the use "should" would not be out of order. Please be patient and I will provide one. In the mean time it is a logical precaution and you should let it stand. Many visitors to the Shaw Communications wiki page will be experiencing frequent attacks from this address range and stating a reasonable precaution is not out of order. The word notorious means: generally known and talked of, or, widely and unfavorably known. Do a google search on "Shaw Communications internet attack" and you will see the use of "notorious" is reasonable. I will however work on rewriting this section stating the same information in a verifiable and more neutral tone. You do not have to rewrite this for me, simply state your concerns and I will try to address them. I am the only contributor to this page to present referenced information my work should not be deleted simply because you do not understand the topic. —Preceding unsigned comment added by 64.68.225.159 (talk) 16:55, 28 May 2008 (UTC)
- Thank you for your very civil response to a not-so-civil comment on my part. I appreciate your explanation, though I don't agree with all of it. I maintain that the article cited is extremely poorly written, but that in itself should not exclude it as a reference. I don't see where in the article it indicates that it is part of a book...? I assumed it to be self-published because it appears on a webpage named after one of the authors (www.cs.northwestern.edu/~ychen/...). If the book you mention is a better reference, then I suggest citing that in the article, instead of the webpage.
- In terms of language, the word "notorious" is not a very neutral word. It has strong negative connotations. Perhaps "known" or "noted" would be a more appropriate word for an encyclopedia. And I wonder whether stating unequivocally that the network "should" be blocked is somewhat presumptious. As far as I understand it, that would block all legitimate traffic as well as botnet traffic, which may not be in everyone's best interest.
- I would also suggest rephrasing the first sentence of the paragraph. The way it is currently stated, it could be interpreted that Shaw Communications is responsible for the attacks.
- I'm going to make an attempt at some changes that I think will make it a better paragraph. If you disagree with them, please feel free to change them further.
- —PurpleRAIN 21:22, 28 May 2008 (UTC)
The cited article does not reflect the current state. The data collected happened prior to Shaw disabling port 25 for their dynamic IP space. I recommend that the entire paragraph be removed until a more current reference can be cited. —Preceding unsigned comment added by Findinglost (talk • contribs) 15:24, 11 June 2008 (UTC)