Reader Charlie Vanderford, a past president of the Greater Tampa Bay PC User Group, writes:
I have been a Road Runner [cable modem] customer for over 4 years, having been one of the original beta testers in Temple Terrace, FL. During that time I have seen RR’s speed (and quality of customer service/maintenance support) continually deteriorate. Last summer I installed a personal firewall on my home computer running Win98se: Zone Alarm Pro. ZA detects and blocks intrusion attempts by other computers/servers. When first installed I used to get maybe 5-7 intrusion attempts per day. However, during the last two months, that number has shot through the roof. I now easily average 100-500 "hits" per day. ZA blocks each and every one of them, but I have noticed an anomaly. The majority of intrusion attempts are from RR’s own servers (e.g., 65.32.xxx.xxx). When I do a reverse domain lookup on that IP address, it points to Time Warner Southeast, Road Runner of Tampabay. It appears my own Internet service provider (ISP) is constantly pinging or attempting to gain access to my home PC. Why?
I wrote to abuse, fraud, and firstname.lastname@example.org about the problem but received no response. I even included my ZA log file. Still nothing. Next I wrote to RR’s central address at abuse, fraud, and email@example.com but still received no reply. Ditto for the messages sent with my ZA log file….
I know *exactly* what you mean, Charlie: I also use RR here; or rather I did: Road Runner’s local outlet here (MediaOne) was taken over by AT&T several months ago, and it’s now called "AT&T Broadband." The cable modem speed hasn’t changed, but I also went from almost no inbound pings/probes to what is now a huge number, often 2-3 per second! Most of these come from IP address blocks that appear to be part of the RR/AT&T system and not RR/AT&T subscriber IPs.
The pings/probes are easily blocked, and they’re more of an annoyance than anything else; I stop them all at my primary firewall, and so none makes it to my desktop systems. But the large amount of bogus activity makes it almost impossible to see when truly malicious probes come in because the "noise" from the RR/AT&T activity swamps everything else. And, of course, the bogus activity does consume some bandwidth. (A packet here, a packet there, and it starts to add up.)
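One way to keep the ISP-range noise from hiding everything else, as an added example that is not part of the original column: split blocked-packet log entries by source network, collapse the ISP block into per-source counts, and list the remaining sources with the ports they probed. The comma-separated log layout, the `65.32.0.0/16` block (inferred from the "65.32.xxx.xxx" pattern in the letter) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: ISP infrastructure block, inferred from "65.32.xxx.xxx" in the
# letter. Replace with the ranges that actually dominate your own log.
ISP_NETS = [ipaddress.ip_network("65.32.0.0/16")]

# Constructed sample lines. Assumed layout:
# action,date,time,source ip:port,destination ip:port,protocol
SAMPLE_LOG = """\
FWIN,2002/03/01,08:14:02 -5:00 GMT,65.32.1.10:0,192.0.2.25:0,ICMP
FWIN,2002/03/01,08:14:03 -5:00 GMT,65.32.1.10:0,192.0.2.25:0,ICMP
FWIN,2002/03/01,08:14:09 -5:00 GMT,65.32.7.44:67,192.0.2.25:68,UDP
FWIN,2002/03/01,08:15:30 -5:00 GMT,203.0.113.77:4312,192.0.2.25:139,TCP
FWIN,2002/03/01,08:15:31 -5:00 GMT,203.0.113.77:4313,192.0.2.25:445,TCP
FWIN,2002/03/01,08:16:00 -5:00 GMT,198.51.100.5:1044,192.0.2.25:27374,TCP
garbage line without enough fields
"""

def split_endpoint(field):
    """Split 'ip:port' into (ip_address, int port); raises ValueError if malformed."""
    host, _, port = field.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def triage(log_text, isp_nets=ISP_NETS):
    """Return (isp_noise_counts, other_sources, skipped_line_count)."""
    noise = Counter()   # ISP-range source -> number of blocked packets
    other = {}          # non-ISP source -> set of (protocol, destination port)
    skipped = 0
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        try:
            src, _ = split_endpoint(parts[3])
            _, dport = split_endpoint(parts[4])
            proto = parts[5].split()[0]
        except (IndexError, ValueError):
            skipped += 1        # count unparseable lines instead of hiding them
            continue
        if any(src in net for net in isp_nets):
            noise[str(src)] += 1
        else:
            other.setdefault(str(src), set()).add((proto, dport))
    return noise, other, skipped

if __name__ == "__main__":
    noise, other, skipped = triage(SAMPLE_LOG)
    print(f"ISP-range packets: {sum(noise.values())} from {len(noise)} sources")
    for src, probes in sorted(other.items()):
        print(f"review {src}: {sorted(probes)}")
    print(f"unparsed lines: {skipped}")
```

The per-source counts for the ISP block are still worth attaching to an abuse report, since they show which of the provider's hosts generate the traffic.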