nanog mailing list archives

Re: whois

From: Marshall Eubanks <tme () 21rst-century com>
Date: Tue, 24 Oct 2000 09:53:16 -0400


bmanning () vacation karoshi com wrote:


        Er, begging to differ. Only when electrodes are implanted
        in peoples brains and the activation circuits are accessable
        via paging (or something similar) will you get the types of
        response you think you want.  Either that or if their is
        a business relationship w/ your "SWAT" team, e.g. they are
        paid to be a your beck/call on a 24/7/365 basis.



Are you really saying that if I tell you that a dial-up user on your network
hacked into my system at some precise time, from a precise IP address 
(so that you could probably tell easily which user did it), and did so
in a fashion
which suggested an automated "script kiddie" effort, I should only
expect a response from you if I PAY for it ?!? 

This seems pretty close to the "protection" money that I hear people with
POP's in Moscow have to pay :) 

(BTW, I said nothing about timeliness
or 24x7 availability - a note a week or two later would have sufficed.)

The key to an anti-hacker ISP association would be
a very special ip address / contact person lookup database.
ie: who/how to contact for the 'SWAT' response for a particular IP
address.

--Mike--


Hello;

When we have had attacks such as root exploits, we have notified the
source (at least,
the ISP hosting the immediate source) as to the date, time, IP address, etc.
(In one case, the attack appeared to come from a dial-up address in Germany,
so I thought we had them.) We have NEVER received a response. From
conversations at meetings, etc., I understand that this is typical - almost
universal - and that it would be naive to expect other ISPs to actually
do anything
about being a source for attacks.

Maybe a start would be to a BCP for some level of minimal response if
you source
an attack, and a "web site of shame" listing those domains that source
attacks and do nothing about it when notified.



-- 


                                   Regards
                                   Marshall Eubanks


   Multicast Technologies, Inc.
   10301 Democracy Lane, Suite 201
   Fairfax, Virginia 22030
   Phone : 703-293-9624          Fax     : 703-293-9609     
   e-mail : tme () on-the-i com     http://www.on-the-i.com

Current thread:

Re: What TO DO and what NOT TO DO [Re: DOS Attacks - Almost Caught One!] Quark Physics (Oct 23)
- Re: What TO DO and what NOT TO DO [Re: DOS Attacks - Almost CaughtOne!] Marshall Eubanks (Oct 24)
  - Re: whois bmanning (Oct 24)
    - Re: whois Marshall Eubanks (Oct 24)
    - Re: whois Valdis . Kletnieks (Oct 24)
    - RE: whois Brett L. Hawn (Oct 24)
    - Re: whois Marshall Eubanks (Oct 24)
    - Incident response (was Re: whois ) batz (Oct 24)
    - Re: whois Quark Physics (Oct 24)
    - Re: whois bmanning (Oct 24)
    - Re: whois Quark Physics (Oct 24)