RE: Public IP information

["dave" <dave () netmedic net>]

Brian,


Harsh words..... 

You Wrote > " contact the law enforcement who will undoubtedly not
understand a word of what you are talking about, but hey, that's how it
goes"

I will take the Pepsi challenge on that one up against you any day of the
week.


Dave


 
_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net

 

-----Original Message-----
From: Carpio, Brian [mailto:Brian_Carpio () csgsystems com] 
Sent: Wednesday, June 11, 2003 17:36
To: David M. Fetter; Ronish Mehta
Cc: security-basics () securityfocus com
Subject: RE: Public IP information

They aren't obligated to give it to the Local Police or the FBI unless a
search warrant is issued. But if the ISP is being unreasonable you can try
and contact the law enforcement who will undoubtedly not understand a word
of what you are talking about, but hey, that's how it goes... 

This should be looked upon as an opportunity to check your firewall, IDS
etc... and make sure everything is working the way you want it to work. 


Brian Carpio

-----Original Message-----
From: David M. Fetter [mailto:david.fetter () fetterconsulting com]
Sent: Wednesday, June 11, 2003 12:46 PM
To: Ronish Mehta
Cc: security-basics () securityfocus com
Subject: Re: Public IP information


If you are being attacked then you should contact the company that you 
believe it is coming from.  They should have a technical contact or 
abuse contact.  If they do not respond then you should go to the 
authorities.  I don't think the ISP has an obligation to provide you 
with the information, but they certainly are obligated to give it to the 
local police and/or FBI.

Ronish Mehta wrote:
> Hi, we have recently seen attacks comming from a
> specific IP, by query APNIC, we found that the IP was
> registered to a company (say company "X LTD")
>
> We wanted to cross check with our ISP before taking
> any action, the ISP is saying that the IP is no longer
> associated with company "X Ltd" but with another
> company; 
> however the ISP is claiming that the information is
> confidential, and that they cannot divulgate the
> identity of the company to which this IP address is
> attached
>
> Does the ISP have the right to do this?
> Should not the ISP give us this information in case
> APNIC is not updated?
>
> Any other information on this issue is the most
> welcome
>
> Thanks & Regards




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------