Security Incidents mailing list archives

Re: @home: Is *anyone* really home there???


From: david.kennedy () ACM ORG (David Kennedy CISSP)
Date: Mon, 28 Feb 2000 15:37:02 -0500


-----BEGIN PGP SIGNED MESSAGE-----

At 06:41 PM 2/25/00 -0700, Wozz wrote:

> I'm the head of the security department for a large nationwide
> cable modem provider that is in the exact same situation @home
> is.
...
> Bottom line, just because you're
> not getting a personal response, doesn't mean they aren't doing
> anything about it.  I'm here to keep our network secure, and keep
> our users from attacking others, not to respond (note I said
> respond, not act upon) to every single complaint.


What does an ISP *want* to have reported?  I agree that complaints
that "so-and-so just banged on my Quake port all afternoon" should be
unwelcome.  However some activities tend to be more troublesome and I
wonder what the threshold of pain has to be for an ISP? In general,
not a specific policy:

nmap scans?
<insert tool name here> scans?
RPC probes?
DNS probes?
Trojan probes?
Queso/Operating System probes?
smurf/fraggle/teardrop/land etc.?

other candidates?
PC Anywhere
Proxy probes, 1080, wingate, funk etc.?

It should also be clear that an autoresponse is better than no
response at all.  A boilerplate of "We are not usually able to respond
personally to each message received, but wish to assure you that we
investigate each report, and will take appropriate action in
accordance with our policies," (Sprint's autoresponse)  is good
enough.  How hard is that?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: When did you backup your hard disk last?

-----END PGP SIGNATURE-----

--
Regards,

David Kennedy CISSP
Director of Research Services, ICSA.net http://www.icsa.net
Protect what you connect.
Look both ways before crossing the Net.
