North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICANN opens up Pandora's Box of new TLDs

  • From: Warren Kumari
  • Date: Mon Jun 30 13:23:41 2008


On Jun 30, 2008, at 12:54 PM, [email protected] wrote:


On Sun, 29 Jun 2008 17:55:53 EDT, "Tuc at T-B-O-H.NET" said:

220 Sending HELO/EHLO constitutes acceptance of this agreement

Even in a UCITA state that has onerous rules regarding shrink- wrapped EULA
terms, I think you'd have a very hard time getting a court to enforce an
alleged contract based on this. And it's different from the usual suggestion
to put "all activity may be monitored" in your telnet/ssh login banners, because
there's an expectation that the human will look at a login banner when they
login, but there's no expectation that an SMTP server will look at the 220
banner any further than checking the first digit is a '2' (go read the section
on SMTP reply codes in RFC2821).


Feel free to cite any relevant case law (in fact, even the case law on
login banners read by humans is a tad skimpy - in most cases, it does nothing
for intruders, but it protects you from your own users complaining their
privacy was violated)...


I have found the biggest advantage of banners to be the fact that you learn to recognize your own devices *before* typing your password...

It you *always* have a banner on *all* of your devices, you quickly learn to expect them...

For example:
ssh router1.example.net
**************************************************************
* This device belongs to example.net. Don't login if you
* are not supposed to be here... Blah blah blah.
* <><><><><><><><><><><><><><><><><><><><><>
*************************************************************
[email protected]'s password:

versus:
ssh router1.exsmple.net
[email protected]'s password:


Having a cute, customized banner (not the default from the standard security templates) helps with this...


W

--
If the bad guys have copies of your MD5 passwords, then you have way bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen