Cybercrime / DDoS / DoS


anduin
01-03-2008, 12:39
Do Virgin have a team specifically to deal with cybercrime against one of their users, and to help assist with police enquiries?

A fast reply would be excellent if anybody knows?

Or suggestions on the way forward when being a victim of cybercrime

Toto
01-03-2008, 12:45
Do Virgin have a team specifically to deal with cybercrime against one of their users, and to help assist with police enquiries?

A fast reply would be excellent if anybody knows?

Or suggestions on the way forward when being a victim of cybercrime

Yup

http://virginmedia.com/netreport

You can also leave a voicemail message on 01633 710142

The police have a separate method of dealing with enquiries; they have to submit a RIPA form to Virgin Media if they want details of an IP address on VM's network.

mertle
01-03-2008, 13:10
So how is VM going to monitor PHORM to make sure they don't abuse us, which they done a deal to monitor and pound us with junk advertising based on every single thing we do with our connection, even reading emails. Surely this deal is against our civil liberties.

Talk about double standards.

PS: don't think you will get away with it by saying VM can stuff it, BT & Talk Talk done it too.

Link explaining Phorm and its evil empire

http://www.badphorm.co.uk/page.php?3

Stuart
01-03-2008, 13:17
Don't take the thread off topic.

anduin
01-03-2008, 13:20
Netreport seems kinda useless when you are the victim of a DDoS attack but thanks for the link...

I've left a voicemail too.. hopefully they can give me the evidence I need to prosecute. :)

Toto
01-03-2008, 13:55
Netreport seems kinda useless when you are the victim of a DDoS attack but thanks for the link...

I've left a voicemail too.. hopefully they can give me the evidence I need to prosecute. :)

If you've been DDoSed from a non-VM network they can't help you. If it is from the VM network they won't prosecute, they will just deal with the matter in accordance with their user policy.

Welshchris
01-03-2008, 15:57
If you've been DDoSed from a non-VM network they can't help you. If it is from the VM network they won't prosecute, they will just deal with the matter in accordance with their user policy.

I think he said HE WILL PROSECUTE, not Virgin Media.

Toto
01-03-2008, 16:05
I think he said HE WILL PROSECUTE, not Virgin Media.

Indeed he did......which begs the question....why go to VM for the evidence, surely he has it in his firewall? To assume VM has this information would be evidence of monitoring his inbound activity........let's not go there shall we?

dev
01-03-2008, 16:17
If you've been DDoSed from a non-VM network they can't help you. If it is from the VM network they won't prosecute, they will just deal with the matter in accordance with their user policy.

They *could* implement filters to null route the traffic from the offending IPs, but getting them to do so would be quite hard, if it's possible that is.

To the OP, was it a single DDoS? Multiple? How are they getting your IP?

Horace
03-03-2008, 09:53
If you've been DDoSed from a non-VM network they can't help you. If it is from the VM network they won't prosecute, they will just deal with the matter in accordance with their user policy.

We had a games server based at a U.S. ISP, a user at a UK ISP was attacking the server via DDoS costing the ISP around $50k, the FBI were brought into it but nothing ever came of it due to lack of cooperation by the unnamed UK ISP (not sure about the legal side of this so I'll leave the ISP's name out).

MovedGoalPosts
03-03-2008, 14:26
A user's firewall may list the IP or similar details that might suggest the identity of a connection. You still need to link that identity to a physical user. That would normally require the co-operation of the ISP, and in turn with Data Protection and stuff, the ISP should only be doing that with a properly authorised request from the court, police or other agency. Problem is that the Police have no real idea how to deal with this type of matter, and really need some cybercrime specialisms.

anduin
03-03-2008, 15:03
They *could* implement filters to null route the traffic from the offending IPs, but getting them to do so would be quite hard, if it's possible that is.

To the OP, was it a single DDoS? Multiple? How are they getting your IP?

They are getting my IP from a dyndns I use.

I do of course have masses of logs.. however....

I have worked out that they were using webserver stress tools, sent through the TOR network...

Whilst I have now blackholed every TOR exit point (2306 or so IP addresses) so the data requests no longer force my Apache to eat 100% CPU, I fear that they still have the ability to max out my line.

I was half hoping to get some advice from Virgin to assist me in tracking down those responsible, having spoken to the police who suggested I speak to my ISP for assistance.
... Seems neither of the two places I called were much use ;)

oops edit: the DDoS has been running on and off for a little over 3 days, mostly stopping yesterday afternoon. A small attack again this morning prompted the 'blackhole all TOR exit points'.

edit again: update, they have now decided to play directly to the IP address, not to the dyndns redirect.
This is taking the pee, surely someone knows where this can be reported effectively?
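
An added example, not part of the thread or any poster's code: one way to measure how much of the logged load comes from listed Tor exits, as in the post above, and to emit blackhole routes only for exits actually seen. The exit list and Apache log lines are constructed (documentation-range addresses) and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (documentation-range addresses, not real exits).
TOR_EXITS = "# exit list\n192.0.2.10\n192.0.2.11\n198.51.100.7\nnot-an-ip\n"
ACCESS_LOG = """\
192.0.2.10 - - [03/Mar/2008:09:41:02 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [03/Mar/2008:09:41:02 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [03/Mar/2008:09:41:03 +0000] "GET /index.php HTTP/1.1" 200 812
203.0.113.50 - - [03/Mar/2008:09:41:04 +0000] "GET /about.html HTTP/1.1" 200 2048
garbled line without an address
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')  # Apache common log prefix

def load_exits(text):
    """Parse an exit list; skip comments and anything that is not IPv4."""
    exits = set()
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        try:
            exits.add(ipaddress.IPv4Address(raw))
        except ValueError:
            continue  # never let an unvalidated string reach a command line
    return exits

def hits_by_source(log_text):
    """Count requests per client address, ignoring malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue
    return hits

def summarize(log_text, exits):
    """Return (share of requests from listed exits, blackhole route commands)."""
    hits = hits_by_source(log_text)
    tor_hits = {ip: n for ip, n in hits.items() if ip in exits}
    total = sum(hits.values())
    share = sum(tor_hits.values()) / total if total else 0.0
    return share, [f"ip route add blackhole {ip}/32" for ip in sorted(tor_hits)]
```

Null routes on the server stop Apache from answering those sources, but the packets still cross the access line, which is the remaining exposure the post describes.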

Aragorn
03-03-2008, 16:22
I doubt VM would be interested as they don't officially support webservers on home BB. :(
The police probably won't be interested unless you are suffering financial impact or any demands/threats have been made by whoever is doing this. :(
Do you know who or why?

webcrawler2050
03-03-2008, 16:34
Personally for a DDoS attack I wouldn't even bother, the machine and/or person have probably long gone by now.

Web servers *shouldn't* be used on the home VM connection.

Anywho, first thing I would do: track the IP via www.ripe.net - then email/call the owner of that range, then get the user suspended - it's not rocket science - VM won't be able to help to a *certain* extent - neither will the coppers. Just use some common sense about it!

Aragorn
03-03-2008, 17:01
:erm: The OP has already said the DDoS is coming through the Tor anonymous pipe. AFAIK, RIPE won't help with Tor users.
Might be worth pointing out to the owners of Tor that they are being used for an attack - but they probably already know.

Toto
03-03-2008, 17:08
They are getting my IP from a dyndns I use.

I do of course have masses of logs.. however....

I have worked out that they were using webserver stress tools, sent through the TOR network...

Whilst I have now blackholed every TOR exit point (2306 or so IP addresses) so the data requests no longer force my Apache to eat 100% CPU, I fear that they still have the ability to max out my line.

I was half hoping to get some advice from Virgin to assist me in tracking down those responsible, having spoken to the police who suggested I speak to my ISP for assistance.
... Seems neither of the two places I called were much use ;)

oops edit: the DDoS has been running on and off for a little over 3 days, mostly stopping yesterday afternoon. A small attack again this morning prompted the 'blackhole all TOR exit points'.

edit again: update, they have now decided to play directly to the IP address, not to the dyndns redirect.
This is taking the pee, surely someone knows where this can be reported effectively?

Any ideas why you are being targeted in this way?

I was half hoping to get some advice from Virgin to assist me in tracking down those responsible, having spoken to the police who suggested I speak to my ISP for assistance.

The police will be little help, as much as they are very well versed in the law, your humble bobby will know very little about cybercrime.

In terms of VM tracking down those responsible...they can't. They can only point you to the networks involved, they won't have visibility of other network IP assignments down to the CPE level. Basically they can only investigate as much as you can with the appropriate network tools.

So, Tor is being used as the conduit.........nice. :(

anduin
03-03-2008, 17:37
It's infuriating..

MET have directed me to iwf.org.uk who are only interested in child pornography or racial hatred crimes.

I could of course force an IP address change on VM network, but alas some other poor sucker would then get the hit aimed at me.

I can hazard some good guesses as to who is doing it, but obviously guesses don't carry much weight.

My 20mb line is completely unusable - Virgin could resolve this by blocking all inbound from TOR on their entry points .. not gonna happen though :(

lol I can't wait till later when traffic shaping hits the line as well lol.