[112613] in North American Network Operators' Group


RE: Dynamic IP log retention = 0?

daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Mar 11 10:03:52 2009

Date: Wed, 11 Mar 2009 10:03:42 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: "Darden, Patrick S." <darden@armc.org>
In-Reply-To: <CBE22E5FF427B149A272DD1DDE107524031BDD46@EX2K3.armc.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Wed, 11 Mar 2009, Darden, Patrick S. wrote:

> I think your next step is your lawyer.  Put all your missives, your
> email, your phone conversations, your logs, your auditing results, your
> detection troubleshooting and sleuthing trails etc. in a folder, create
> a one page summary including any damages you feel might have been caused
> (e.g. time, effort, and money spent on this so far) and a timeline, and
> make an appointment with your lawyer.

I wouldn't necessarily believe the response from Covad and try to escalate 
to someone with a bit more clue there...but what's the point in getting 
lawyers involved?  Whatever access isn't supposed to be open should be 
filtered.  Beyond that, you should expect regular scans from random hosts 
on the net.  That's the way it's been for the past 20 or more years, 
and it's unlikely to stop just because you don't like it.  What effect 
will your lawyers have next week when the 'abusive scans' are coming from 
Romania, China, Russia, etc.?

If port scans really bother you, then you should set up a system to detect 
them, and regularly rebuild ACLs/null route lists/etc. to stop them in 
near real time.  AFAIK, Cisco sells such a product, as do other network 
vendors I'm sure.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
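
The detect-and-rebuild loop suggested in the message above, as an added example that is not part of the original post and is not any vendor's product: it flags sources that touch many distinct ports in a short window and regenerates a null-route list whose entries age out. The log line format, the thresholds and the function names are assumptions made for illustration, and the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample deny log (hypothetical format): epoch seconds, source, dest, dest port.
SAMPLE_LOG = """\
1236780000 DENY SRC=198.51.100.7 DST=192.0.2.10 DPT=21
1236780001 DENY SRC=198.51.100.7 DST=192.0.2.10 DPT=22
1236780002 DENY SRC=198.51.100.7 DST=192.0.2.10 DPT=23
1236780003 DENY SRC=203.0.113.5 DST=192.0.2.10 DPT=25
1236780004 DENY SRC=198.51.100.7 DST=192.0.2.11 DPT=80
1236780400 DENY SRC=203.0.113.5 DST=192.0.2.10 DPT=25
""".splitlines()

LINE_RE = re.compile(r"^(\d+) DENY SRC=(\S+) DST=\S+ DPT=(\d+)$")

def detect_scanners(lines, window=60, min_ports=4, allow=frozenset()):
    """Map each source that hit >= min_ports distinct ports inside `window`
    seconds to the time it last did so. Lines must be in time order."""
    recent = defaultdict(list)   # src -> [(ts, port)] still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            # Validate the logged address before it can reach router config.
            src = str(ipaddress.IPv4Address(m[2]))
        except ValueError:
            continue
        if src in allow:         # never block your own scanners or monitors
            continue
        ts, port = int(m[1]), int(m[3])
        hits = [(t, p) for t, p in recent[src] if ts - t < window] + [(ts, port)]
        recent[src] = hits
        if len({p for _, p in hits}) >= min_ports:
            flagged[src] = ts
    return flagged

def build_null_routes(flagged, now, hold=3600):
    """Rebuild the whole list each run so entries age out after `hold` seconds."""
    live = [s for s, seen in flagged.items() if now - seen < hold]
    return [f"ip route {s} 255.255.255.255 Null0"
            for s in sorted(live, key=ipaddress.IPv4Address)]

if __name__ == "__main__":
    print("\n".join(build_null_routes(detect_scanners(SAMPLE_LOG), now=1236780100)))
```

A static route to Null0 discards traffic destined to the listed host, so dropping packets arriving from it additionally relies on unicast RPF or an equivalent source check on the ingress interface.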

