North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: whois

  • From: Marshall Eubanks
  • Date: Tue Oct 24 09:50:15 2000

[email protected] wrote:
>         Er, begging to differ. Only when electrodes are implanted
>         in peoples brains and the activation circuits are accessable
>         via paging (or something similar) will you get the types of
>         response you think you want.  Either that or if their is
>         a business relationship w/ your "SWAT" team, e.g. they are
>         paid to be a your beck/call on a 24/7/365 basis.

Are you really saying that if I tell you that a dial-up user on your network
hacked into my system at some precise time, from a precise IP address 
(so that you could probably tell easily which user did it), and did so
in a fashion
which suggested an automated "script kiddie" effort, I should only
expect a response from you if I PAY for it ?!? 

This seems pretty close to the "protection" money that I hear people with
POP's in Moscow have to pay :) 

(BTW, I said nothing about timeliness
or 24x7 availability - a note a week or two later would have sufficed.)

> > > The key to an anti-hacker ISP association would be
> > > a very special ip address / contact person lookup database.
> > > ie: who/how to contact for the 'SWAT' response for a particular IP
> > > address.
> > >
> > > --Mike--
> >
> > Hello;
> >
> > When we have had attacks such as root exploits, we have notified the
> > source (at least,
> > the ISP hosting the immediate source) as to the date, time, IP address, etc.
> > (In one case, the attack appeared to come from a dial-up address in Germany,
> > so I thought we had them.) We have NEVER received a response. From
> > conversations at meetings, etc., I understand that this is typical - almost
> > universal - and that it would be naive to expect other ISPs to actually
> > do anything
> > about being a source for attacks.
> >
> > Maybe a start would be to a BCP for some level of minimal response if
> > you source
> > an attack, and a "web site of shame" listing those domains that source
> > attacks and do nothing about it when notified.
> >


                                   Marshall Eubanks

   Multicast Technologies, Inc.
   10301 Democracy Lane, Suite 201
   Fairfax, Virginia 22030
   Phone : 703-293-9624          Fax     : 703-293-9609     
   e-mail : [email protected]