Educause Security Discussion mailing list archives

Re: Not so Nice Net


From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Fri, 10 Feb 2012 12:50:33 -0800

On 02/10/12 12:21, Jeff Moore wrote:
> First - Thank you all for responding to my question. It has made it
> clear that what we were seeing was not crazy but that you all have been
> seeing similar things. Thanks everyone!!

> Second - Michael Sinatra - I am assuming you must have read this on a
> bad day. I am sorry for any problems you are having. From what I have
> read from folks on this thread I assume that folks are quite intelligent
> and that none of them assume that the internet is still classful. It is
> simply a way that they communicate. Perhaps it is my mistake for how I
> phrased the question. My apologies if that was the case.

I wasn't reading it on a bad day, but I have had many, many bad days caused by very good and talented security professionals assuming that netblocks were divided on octet boundaries. That being said, let me state in as friendly and constructive a way as can be inferred in email: It is much better to be as precise as possible when discussing issues regarding malicious activities. I don't feel that "91.x.x.x" is very precise for the same reasons Marty outlined. It may be a useful shortcut for some, but just as I should be cognizant of how others will interpret my admittedly-too-emphatic message, so should everyone here. It is very easy to misinterpret what was being said on this thread with respect to the exact netblocks and providers that are at issue and that is of concern to me.

> I think that
> these intelligent professionals also have the courtesy not to yell and
> not to try to make others look or feel bad. In your case it looks as
> though my assumptions were incorrect.

The use of capitalization was intended for emphasis and not to make others look or feel bad, and it was definitely not to simulate yelling--I apologize for that; I should have used a different mechanism for emphasis. You'll notice that I didn't respond directly to anyone (including you) in this thread, but instead wanted to make an emphatic reminder to the whole community to be careful and precise when you communicate regarding netblocks. I did paraphrase my own misinterpretation of your text, which is unfortunate. Sorry about that.

> I am not a member of this group to
> get into arguments over semantics with folks that have no respect for
> their peers. If you read my message and the other kind folks that
> replied you would see that we did not say we got scanned by every host
> in these ranges. Please take the time to read the messages that you are
> responding to. I think folks here understand the consequences of
> blocking entire ranges. It's their job.

You're correct on that one. I did misread your message. I now see that you were saying that all of the traffic you have seen in 91.0.0.0/8 has been bad. I sincerely apologize for that. Given that, it would be useful to have more information as to exactly which providers in that block seem to be especially problematic, or which IP addresses (or classless ranges) appear to be the biggest problem. I don't think the legitimate users and providers who happen to be assigned parts of 91.0.0.0/8 appreciate being painted with a broad brush.

Realizing that people in this community don't like being painted with a broad brush, I will also take your criticism to heart.

cheers,
michael

