North American Network Operators Group


RE: whois

  • From: Karyn Ulriksen
  • Date: Tue Oct 24 12:31:08 2000

You're kidding, right?

-K

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> Sent: Tuesday, October 24, 2000 7:23 AM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: whois
> 
> 
> 
>  Yow!  A chance to play devil's advocate... Cool :)
> 
>  If you told me a dialup user on my network did anything, I'd doubt
>  your veracity. How do you know I have dialup services in my network?
>  The accuracy of your clock and the recorded IP address
>  are suspect since I have zero visibility into your network structure
>  or administrative practice... and you don't have that visibility into
>  mine.  Your clock is hacked and you are forging IP addresses in an attempt
>  to distract me from providing services. Tell me why this is not a simple
>  case of harassment? Full and public disclosure of the attack profile would
>  help build your credibility.  And yes, if I have no business relationship
>  to you and I've never had a relationship with you and you are making
>  assertions about my infrastructure and clients, I will prolly want
>  some incentive to cover the costs of investigating your outrageous
>  claims.
> 
> 
> > Are you really saying that if I tell you that a dial-up user on your network
> > hacked into my system at some precise time, from a precise IP address
> > (so that you could probably tell easily which user did it), and did so
> > in a fashion which suggested an automated "script kiddie" effort, I should only
> > expect a response from you if I PAY for it ?!?
> > 
> > This seems pretty close to the "protection" money that I hear people with
> > POP's in Moscow have to pay :)
> > 
> > (BTW, I said nothing about timeliness
> > or 24x7 availability - a note a week or two later would have sufficed.)
> > 
> > 
> > > 
> > > > > The key to an anti-hacker ISP association would be
> > > > > a very special ip address / contact person lookup database.
> > > > > ie: who/how to contact for the 'SWAT' response for a particular IP
> > > > > address.
> > > > >
> > > > > --Mike--
> > > >
> > > > Hello;
> > > >
> > > > When we have had attacks such as root exploits, we have notified the
> > > > source (at least, the ISP hosting the immediate source) as to the date,
> > > > time, IP address, etc.
> > > > (In one case, the attack appeared to come from a dial-up address in Germany,
> > > > so I thought we had them.) We have NEVER received a response. From
> > > > conversations at meetings, etc., I understand that this is typical - almost
> > > > universal - and that it would be naive to expect other ISPs to actually
> > > > do anything about being a source for attacks.
> > > >
> > > > Maybe a start would be to a BCP for some level of minimal response if
> > > > you source an attack, and a "web site of shame" listing those domains
> > > > that source attacks and do nothing about it when notified.
> > > >
> > 
> > 
> > -- 
> > 
> > 
> >                                    Regards
> >                                    Marshall Eubanks
> > 
> > 
> >    Multicast Technologies, Inc.
> >    10301 Democracy Lane, Suite 201
> >    Fairfax, Virginia 22030
> >    Phone : 703-293-9624          Fax     : 703-293-9609     
> >    e-mail : [email protected]     http://www.on-the-i.com
> > 
> 
>