Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: whois

  • From: bmanning
  • Date: Tue Oct 24 10:29:36 2000

 Yow!  A chance to play devils advocate... Cool :)

 If you told me a dialup user on my network did anything, I'd doubt
 your veracity. How do you know I have dialup services in my network?
 The accuracy of your clock and the recorded IP address
 are suspect since I have zero visability into your network structure
 or administrative practice... and you don't have that visability into
 mine.  Your clock is hacked and you are forging IP addresses in an attempt
 to distract me from providing services. Tell me why this is not a simple
 case of harassment? Full and public disclosure of the attack profile would 
 help build your credibility.  And yes, if I have no business relationship
 to you and I've never had a relationship with you and you are making
 assertions about my infrastructure and clients, I will prolly want
 some incentive to cover the costs of investigating your outragous
 claims.


> Are you really saying that if I tell you that a dial-up user on your network
> hacked into my system at some precise time, from a precise IP address 
> (so that you could probably tell easily which user did it), and did so
> in a fashion
> which suggested an automated "script kiddie" effort, I should only
> expect a response from you if I PAY for it ?!? 
> 
> This seems pretty close to the "protection" money that I hear people with
> POP's in Moscow have to pay :) 
> 
> (BTW, I said nothing about timeliness
> or 24x7 availability - a note a week or two later would have sufficed.)
> 
> 
> > 
> > > > The key to an anti-hacker ISP association would be
> > > > a very special ip address / contact person lookup database.
> > > > ie: who/how to contact for the 'SWAT' response for a particular IP
> > > > address.
> > > >
> > > > --Mike--
> > >
> > > Hello;
> > >
> > > When we have had attacks such as root exploits, we have notified the
> > > source (at least,
> > > the ISP hosting the immediate source) as to the date, time, IP address, etc.
> > > (In one case, the attack appeared to come from a dial-up address in Germany,
> > > so I thought we had them.) We have NEVER received a response. From
> > > conversations at meetings, etc., I understand that this is typical - almost
> > > universal - and that it would be naive to expect other ISPs to actually
> > > do anything
> > > about being a source for attacks.
> > >
> > > Maybe a start would be to a BCP for some level of minimal response if
> > > you source
> > > an attack, and a "web site of shame" listing those domains that source
> > > attacks and do nothing about it when notified.
> > >
> 
> 
> -- 
> 
> 
>                                    Regards
>                                    Marshall Eubanks
> 
> 
>    Multicast Technologies, Inc.
>    10301 Democracy Lane, Suite 201
>    Fairfax, Virginia 22030
>    Phone : 703-293-9624          Fax     : 703-293-9609     
>    e-mail : tme@on-the-i.com     http://www.on-the-i.com
> 






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.