Plusnet being unreasonable?

Luciano · ‎30-07-2007

Hi,
I would like to start an open discussion about a problem I have and get people’s opinions on whether Plusnet are being reasonable/unreasonable.
I will start from the beginning just to put everything in context so this may be a bit boring.
In Feb of 2010 I switched products from a home product to a business option 1 product as I was starting my own business. About two weeks after I was issued
with a new ip address my line started disconnecting erratically and having erratic speeds this went on for about 5/6 months, no one ever got to the bottom of

it and eventually it just fixed itself with no one having a clue as to why. Ok, it could have been a coincidence. While all this was going on I also had
billing issues with the wrong amounts being taken right from the start of the switch to the business product. These amounts would be refunded and then taken
again. This was only finally corrected in December 2010. Around the time that the disconnection problem resolved itself I started getting, I suppose denial
of service attacks, some I managed to resolve myself by contacting the offending isp's abuse team and some just went away. This April however the only way to
stop an attack on port 5060 (VoIP, which I do use) was to have my ip block changed. This however took somewhere in the region of two weeks to resolve and
luckily I had my excess usage refunded by; I think somebody called Mike who no one seems to know now. He did say to me at the time that should I have the
problem again I should contact him. Well I would if I could because now we come to the latest problem.
Again it is an attack on port 5060 and Plusnet will not do anything about it. I have even proved that the address in question 190.128.229.122 is a known VoIP
attack host which appears to have been doing the rounds since 2005. I have provided evidence from websites that have it listed and I have contacted the bank
in Paraguay that uses the address as well as the abuse address of the Telco in question (Telecel s.a.) that has issued it. They are refusing to issue a new
ip block and in some ways I agree with this as this is not the solution but they are refusing to block the address in any way whatsoever. I got into a long
conversation today where I was being led to believe that Plusnet do not adopt any ip address blocking procedures at all. I find this hard to believe as I
doubt their network would be up for more than 1 hour if they did not deploy ip blacklists. I kept being told that I was the only customer that has had this
kind of problem more than once because no one else has reported it. I find this really hard to believe and my argument here is that a lot of people would
never realise, either because of the equipment they run does not obviously show it or they just accept the over usage and pay up, or have such a high limit
that it does not matter. As I was getting nowhere I came up with another argument which was that if I was to switch my router off I would not be charged for
the traffic but that that traffic would still be entering the Plusnet network and presumably, they would be paying for it in some way. So as I did not
initiate this traffic and there was no intent on my part to benefit from this traffic in any way then why should I pay for it if my router is on. All my
router appears to be doing once it is switched on is allowing Plusnet to account for the traffic against somebody and bill them for it.
So my questions are to Plusnet or whoever:
1. Does anybody know what the business products are actually for apart from having a phone number that is actually answered? They don't seem to differentiate between home and business at all. In fact the calls are answered by the same people albeight much faster. I see it more as a home version V1.000001.
2. Has anybody ever managed to get past the first person they speak to? Because in 9 years I have never got past that first person. Today I politely asked to
speak to a supervisor etc. and the request was flatly refused. I have always seen this as a major problem at Plusnet; they have always gone on about how
fantastic their customer service is, and it is if you just want general chit chat, if you have a genuine problem then forget it you get stone-walled. Most
companies do this now and have been since the late 90's but Plusnet have it fine tuned. In fact the team I support (Arsenal) could do with them at the moment
in their defence as you never get past Plusnets first line of defence, never.
3. As I have provided evidence that the address is on various website blacklists should it be a legal requirement that they act on this information. It seems
a bit like a bank being advised that a credit card has been compromised and the bank refusing to stop it and keep charging the customer for the purchases
being made on it. (maybe this is stretching it a little, but it is a bit similar)
4. Do Plusnet really not deploy ip blacklists? They keep saying that they cannot blanket block the address but surely can't they just block the address against my ip address. I've seen this done in many places where I have worked.
5. Does anybody really believe that mine is a unique problem? Does nobody else ever have attacks on their systems? This is a business product and so in my
opinion would be expected to be on all the time. In fact mine has always been on 24/7 since I started with Plusnet, my problems only started once I went on
the business product. I have worked in places that were constantly being bombarded but with the help of the isp they were shielded from these attacks. This
is part of having a system on all the time, it happens and I thought, maybe wrongly, that a business product carried a bit more support/protection with it.
6. Are Plusnet possibly responsible? I mentioned this today as well while we were playing the blame game. I said it was not my fault but I accepted that it
was not their fault either but that as I had done everything I could at my end, emails to abuse addresses, blocking it on my hardware firewall, providing
them with as much information as possible they were in a better position to deal with it then I was. When this was rebuffed I said that maybe they were
responsible after all as they were not protecting me sufficiently from traffic that was travelling on their network and that maybe my addresses may have been
leaked by themselves or Gradwell. After all I am still paying the price for their email server being compromised by Russian gangs or whoever they were and
getting loads of spam that I have to deal with on a daily basis at my end. Maybe I should do some kind of insurance knock for knock deal, they offset all the
spam I get against the unauthorised traffic the plusnet network is sending me and cancel out the over usage.
7. Am I being unreasonable, as they refuse to help in any other way, asking for the traffic to be cancelled out as the traffic would be there regardless of
my router being on or not being on? They know my past usage I have never gone over since I have been on the Business product apart from situations like this.
It would be nice for people to comment as I believe that the failure for Plusnet to act on situations like this is what allows this kind of thing to keep
happening, nobody has any interest in stopping it. Does anybody know of any isp who would view this differently. I did speak to Eclipse today and am waiting
for some kind of information on how they would deal with this kind of problem before considering whether it is finally time to move on.
Any way I will finish now as I continue to stare at the red blinking lights on my router busily rejecting the traffic from this rogue address.
Thanks for reading
Lou

harps1h · ‎26-07-2011

find a new isp

David_W · ‎19-07-2007

If you have no requirement for a static IP (i.e. don't host anything yourself where you need the same IP address) switching to dynamic and turning off rdns (if it's on) would solve your problem instantly.

itsme · ‎07-04-2007

Is the IIP address you entered above correct? It does not appear in any allocation databases.

HPsauce · ‎02-02-2008

www.rbls.org: 190.128.229.122 is not listed in any blacklists
Maybe you're misinterpreting your problem?
I don't know PN's business products but I'd also suggest finding an ISP that is "known" for providing them.
Won't be cheap though, but then I don't know what PN charge either.
Many ISP's prohibit business use on what are basically domestic packages, some do allow it but the support is not usually "business class".

itsme · ‎07-04-2007

It's not listed in any blacklist as it's not been allocated. So assume it's a private/internal IP.

jelv · ‎10-04-2007

All the information I can see matches that given by the OP. E.g. http://www.dnsstuff.com/tools/whois/?tool_id=66&token=&toolhandler_redirect=0&ip=190.128.229.122

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

Luciano · ‎30-07-2007

Hi,
Thanks for the replies.
I do require a static ip as I frequently access my systems in many ways from outside and have people who have telephone extensions registered against my voip server.
The lists I am referring to are probably not known blacklists but nevertheless do state that this address is a known address that probes port 5060 and my mistake it appears to have been doing the rounds since May of this year and not 2005. Basically I am receiving sip registration requests on this port using my ip address as the connection. This will never work as the router I am using is a fully sip aware router and will only accept connections through this port if a specific dns name is used and this dns name is not my plusnet domain name so even doing a reverse lookup won't help them. The router will also not tell them that I have a voip server behind this port though I suppose the fact that the port is open is enough for them to try.
At the moment I am looking to see if there are any business products which are truly business products in that they will actually discuss problems with you (may not totally resolve them but at least one has some kind of dialog). I am waiting for Eclipse to get back to me as I have asked the question as to what they would do if this situation arose and I agree one would have to pay more with other providers but I may have to accept this if the support/solutions/professionalism are better.
As regards the official blacklists like rbls what worries me is that I could not get out of the support person whether they actually use them. I am sure they do as they would be swamped if they did not. But even putting this aside, Plusnet always promoted themselves on their home products, at least they did when I joined them more then 9 years ago, that they were the isp for the technically minded and you could do many things at your end of the connection which other isp's did not allow (this would obviously involve ports being open). If they are so technically advanced and I thought that was why BT bought them for their traffic shaping hardware etc.why can they not revamp their broadband firewall and allow individuals to blacklist ip addresses that are attacking them. They allow you to blanket block ports and going back to my point about the traffic still roaming around their network even if my router was switched off. If I was to block one of the ports that can be blocked on the broadband firewall, lets say port 25 and If somebody was flooding this port with traffic destined for my connection I presume it would not count towards my usage. So they appear to accept it on this count and I appear to be paying for their lack of technology in implementing configurable ip blacklists on this firewall or any other firewall..
Thanks for listening.

adamwalker · ‎27-04-2007

Hi Lou,
To answer your questions directly:

Quote
. 1. Does anybody know what the business products are actually for apart from having a phone number that is actually answered? They don't seem to differentiate between home and business at all. In fact the calls are answered by the same people albeight much faster. I see it more as a home version V1.000001.

We have a dedicated business support team that operates the core hours of 8am to 8pm Monday to Friday with some reduced cover on Saturdays. So if you call in those hours it's not the same staff as residential support, call outside those hours and it will be the same support.
The products themselves are tailored to be more appropriate to business users and so are the terms and conditions for use.
Also have you made sure you are dialling the correct number? Business support are available on 0114 2965182

Quote
2. Has anybody ever managed to get past the first person they speak to? Because in 9 years I have never got past that first person. Today I politely asked to
speak to a supervisor etc. and the request was flatly refused. I have always seen this as a major problem at Plusnet; they have always gone on about how
fantastic their customer service is, and it is if you just want general chit chat, if you have a genuine problem then forget it you get stone-walled. Most
companies do this now and have been since the late 90's but Plusnet have it fine tuned. In fact the team I support (Arsenal) could do with them at the moment
in their defence as you never get past Plusnets first line of defence, never.

We should not flatly refuse this if you wish to raise a complaint, however the agents you speak to are empowered to deal with any relevant or appropriate queries so there should not really be a need to speak to anyone else. Supervisors are here to supervise first and foremost. Let me know however if there is a specific issue or complaint which you believe could only be handled by a supervisor.

Quote
3. As I have provided evidence that the address is on various website blacklists should it be a legal requirement that they act on this information. It seems
a bit like a bank being advised that a credit card has been compromised and the bank refusing to stop it and keep charging the customer for the purchases
being made on it. (maybe this is stretching it a little, but it is a bit similar)

I'm sorry you feel that way, we did place a block on the IP but it looks like there is a technical limitation for some reason as to how many times we can do this. However I'm going to advise that you take a slightly different tack and send an e-mail to abuse@plus.net detailing the ticket ID in question and your account's username. Also do update this thread when you've done so to give me a heads up to give the appropriate people at this end a prod for you.

Quote
4. Do Plusnet really not deploy ip blacklists? They keep saying that they cannot blanket block the address but surely can't they just block the address against my ip address. I've seen this done in many places where I have worked.

We can where possible but contrary to popular belief there are various means of doing this and a lot of it lies with the hosts of the alleged attacking IPs.So processes for this can be manifold and can vary.

Quote
5. Does anybody really believe that mine is a unique problem? Does nobody else ever have attacks on their systems? This is a business product and so in my
opinion would be expected to be on all the time. In fact mine has always been on 24/7 since I started with Plusnet, my problems only started once I went on
the business product. I have worked in places that were constantly being bombarded but with the help of the isp they were shielded from these attacks. This
is part of having a system on all the time, it happens and I thought, maybe wrongly, that a business product carried a bit more support/protection with it.

No, to believe you were the only attempted or alleged victim of a DOS attach of any kind would be a silly notion. By default there's no reason for business products to have any less or more protection than a residential product as both can fall victim unfortunately to attacks of this nature. It's not what business products are for.Please see my answer to your first question with regards to that.

Quote
6. Are Plusnet possibly responsible? I mentioned this today as well while we were playing the blame game. I said it was not my fault but I accepted that it
was not their fault either but that as I had done everything I could at my end, emails to abuse addresses, blocking it on my hardware firewall, providing
them with as much information as possible they were in a better position to deal with it then I was. When this was rebuffed I said that maybe they were
responsible after all as they were not protecting me sufficiently from traffic that was travelling on their network and that maybe my addresses may have been
leaked by themselves or Gradwell. After all I am still paying the price for their email server being compromised by Russian gangs or whoever they were and
getting loads of spam that I have to deal with on a daily basis at my end. Maybe I should do some kind of insurance knock for knock deal, they offset all the
spam I get against the unauthorised traffic the plusnet network is sending me and cancel out the over usage.

I don't see how we can be responsible for causing or preventing this issue. However we do have a responsibility as far as I'm aware to be reactive. I can see that this has been done and I'm sorry that you've hit an issue at the moment but do follow my recommendations re that as per my answer to your third question.

Quote
7. Am I being unreasonable, as they refuse to help in any other way, asking for the traffic to be cancelled out as the traffic would be there regardless of
my router being on or not being on? They know my past usage I have never gone over since I have been on the Business product apart from situations like this.

I don't think we've refused to help but you have clearly hit a hurdle here which we are sorry for but I've recommended a way forward...
Any other questions do let me know.

If this post resolved your issue please click the 'This fixed my problem' button

Adam Walker
Plusnet Help Team

Luciano · ‎30-07-2007

Adam,
Thanks for going to the effort of replying.
Response to question 1.
I did call during office hours and I do use the business number.
Response to question 3.
Are you saying that Plusnet did put a block on the ip address 190.128.229.122 or are you referring to something different?
The reason I ask this is that yesterday around about 17:00 I decided to allow the offending ip addresses traffic into my network and even tried to allow it to register with my voip server so that I could dead end it into an unobtainable tone and thus lower the traffic. This was proving too difficult to do as as soon as I set up the account the registration info would change to a user name it was trying to register with. I did notice however that once I allowed the traffic through the indicators on my router subsided to a more normal flicker so I decided to block the traffic again and still the traffic appeared to be at a normal level. On checking my firewall logs I noticed that instead of a constant stream of attempts (many per second) I was only getting about 1 every 30 seconds if that and jkept decreasing throughout the evening. This may all have been a coincidence. At around 22:30 the traffic from this ip address suddenly stopped and I then started getting the odd probe from a different ip address originating from Russia. This amounted to nothing and the traffic usage is now back to normal.
Response to question 6.
The problem regarding your email server was almost definitely Plusnets fault, it may have been unfortunate, but data breaches are companies responsibilities whether it happened due to bad luck or otherwise. I may be getting paranoid but the fact that from what I understand a Russian gang harvested all those email addresses, mine included, and the fact that I do get the odd probe from ip addresses originating from Russia (last night included) does make me wonder whether the ip addresses I have been on since moving to the business product have been ip addresses that were connected to other sub domains that were more affected by the mail server breach and have been recycled. Which is why I end up with the hassle I have. It would be interesting to know what the policy is on compromised addresses and what is done with them when they are taken off air.
Response to question 7.
My last conversation on Friday definitely left me in the position of having nowhere to go not that Plusnet had hit a hurdle. The term hurdle to me means you can stop at it if you wish but it can always be jumped if you have the know how.
-----------------------------------------------------------------------------------------------------
This is what I was told and it does not seem like a hurdle, more like a brick wall.
As per our conversation, we are unable to replace the ip block again, as was done last time. I have also checked with our networks team and we are unable to blanket block the ip address in question in this situation.
As described in your ticket responses you have reported this abuse through the appropriate channels, and unfortunately there is nothing further we can do in this situation.
--------------------------------------------------------------------------------------------------------
By the way I was only asking for an ip block change as an absolute last resort as this is not the answer because as I have already mentioned above, it just takes out an ip range or passes it on to somebody else. Incidentally is ther any hope of an ip blacklist per user on the broadband firewall?
Thanks for your time and I will report it to the abuse team should it start up again but there is no point at the moment as it appears to have stopped. I would be interested however to know if that was done by the network team, though I did not think they worked over the weekend apart from emergencies.
Thanks Again
Lou

adamwalker · ‎27-04-2007

No problem,

Quote
Are you saying that Plusnet did put a block on the ip address 190.128.229.122 or are you referring to something different?

Yes as far as I can gather from the account notes we did.

Quote
As described in your ticket responses you have reported this abuse through the appropriate channels, and unfortunately there is nothing further we can do in this situation.

The words of one person, not our opinion as a whole so I'm not going to leave you high and dry there, apologies for that.
With regards to replacing the IP block we have to take a very tough stance on that as when new IP blocks are issued your old IPs are automatically released for redistribution to new users, hence some other unfortunate person could then be subject to the same attacks. It looks like a blocking the attacks would be the right way to resolve this problem so it's over to networks now once you've sent us that e-mail over.

If this post resolved your issue please click the 'This fixed my problem' button

Adam Walker
Plusnet Help Team

Luciano · ‎30-07-2007

Quote
Yes as far as I can gather from the account notes we did.

Is there any way of knowing what time the block was put on this ip address so that I can work out whether it was around the time I noticed the decrease in traffic.
Incidenatlly why was i not told that a block had been put on this ip address, after all that's what I was requesting from the start?

Quote
With regards to replacing the IP block we have to take a very tough stance on that as when new IP blocks are issued your old IPs are automatically released for redistribution to new users, hence some other unfortunate person could then be subject to the same attacks.

With this in mind that the ip addresses are released automatically there is a good chance then that this is why I end up with these problems in which case should I end up going over my alloted allowance should this not be refunded? Had the block been put on early enough I would not have amassed so much usage. I will do my best to stay under as I don't usually go close to the limit but that may not be possible.

Quote
It looks like a blocking the attacks would be the right way to resolve this problem so it's over to networks now once you've sent us that e-mail over

As it has already been blocked and my traffic is back to normal do I still need to report it to the abuse team?
Thanks
Lou

Plusnet being unreasonable?

Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?

Re: Plusnet being unreasonable?