Educause Security Discussion mailing list archives
Re: Not so Nice Net
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Fri, 10 Feb 2012 12:50:33 -0800
On 02/10/12 12:21, Jeff Moore wrote:
First - Thank you all for responding to my question. It has made it clear that what we were seeing was not crazy but that you all have been seeing similar things. Thanks everyone!! Second - Michael Sinatra - I am assuming you must have read this on a bad day. I am sorry for any problems you are having. From what I have read from folks on this thread I assume that folks are quite intelligent and that none of them assume that the internet is still classful. It is simply a way that they communicate. Perhaps it is my mistake for how I phrased the question. My apologies if that was the case.
I wasn't reading it on a bad day, but I have had many many bad days caused by very good and talented security professionals assuming that netblocks were divided on octet boundaries. That being said, let me state in as friendly and constructive way as can be inferred in email: It is much better to be as precise as possible when discussing issues regarding malicious activities. I don't feel that "91.x.x.x" is very precise for the same reasons Marty outlined. It may be a useful shortcut for some, but just as I should be cognizant of how others will interpret my admittedly-too-emphatic message, so should everyone here. It is very easy to misinterpret what was being said on this thread with respect to the exact netblocks and providers that are at issue and that is of concern to me.
I think that these intelligent professionals also have the courtesy not to yell and not to try to make others looks or feel bad. In your case it looks as though my assumptions were incorrect.
The use of capitalization was intended for emphasis and not to make others look or feel bad, and it was definitely not to simulate yelling--I apologize for that; I should have used a different mechanism for emphasis. You'll notice that I didn't respond directly to anyone (including you) in this thread, but instead wanted to make an emphatic reminder to the whole community to be careful and precise when you communicate regarding netblocks. I did paraphrase my own misinterpretation of your text, which is unfortunate. Sorry about that.
I am not a member of this group to get into arguments over semantics with folks that have no respect for their peers. If you read my message and the other kind folks that replied you would see that we did not say we got scanned by every host in these ranges. Please take the time to read the messages that you are responding to. I think folks here understand the consequences of blocking entire ranges. Its their job.
You're correct on that one. I did misread your message. I now see that you were saying that all of the traffic you have seen in 91.0.0.0/8 has been bad. I sincerely apologize for that. Given that, it would be useful to have more information as to exactly which providers in that block seem to be especially problematic, or which IP addresses (or classless ranges) appear to be the biggest problem. I don't think the legitimate users and providers who happen to be assigned parts of 91.0.0.0/8 appreciate being painted with a broad brush.
Realizing that people in this community don't like being painted with a broad brush, I will also take your criticism to heart.
cheers, michael
Current thread:
- Not so Nice Net Jeff Moore (Feb 08)
- Re: Not so Nice Net Hanson, Mike (Feb 08)
- Re: Not so Nice Net Martin Manjak (Feb 08)
- Re: Not so Nice Net Jeff Moore (Feb 08)
- Re: Not so Nice Net David Gillett (Feb 08)
- Re: Not so Nice Net Heath Barnhart (Feb 09)
- Re: Not so Nice Net Brian Helman (Feb 10)
- Re: Not so Nice Net Michael Sinatra (Feb 10)
- Re: Not so Nice Net Jeff Moore (Feb 10)
- Re: Not so Nice Net Michael Sinatra (Feb 10)
- Message not available
- Not so Nice Net Jeff Moore (Feb 10)
- Re: Not so Nice Net Brian Helman (Feb 10)
- Re: Not so Nice Net Mike Lococo (Feb 10)
- <Possible follow-ups>
- Re: Not so Nice Net Joe St Sauver (Feb 10)