[112618] in North American Network Operators' Group
Re: Dynamic IP log retention = 0?
daemon@ATHENA.MIT.EDU (Rubens Kuhl)
Wed Mar 11 11:42:49 2009
In-Reply-To: <Pine.LNX.4.64.0903110922030.16117@franklin.wrl.org>
Date: Wed, 11 Mar 2009 12:42:40 -0300
From: Rubens Kuhl <rubensk@gmail.com>
To: Brett Charbeneau <brett@wrl.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Covad telling you they don't keep logs is different from them not
really having the logs... but, if they really don't keep logs, they
are posing a risk that FBI or DHS might not be happy with. The feds
will probably be more persuasive than you, so maybe hinting to them about
this situation may change something for the better.
Rubens
On Wed, Mar 11, 2009 at 10:34 AM, Brett Charbeneau <brett@wrl.org> wrote:
>         I've been nudging an operator at Covad about a handful of hosts from
> his DHCP pool that have been attacking - relentlessly port scanning - our
> assets. I've been informed by this individual that there's "no way" to
> determine which customer had that address at the times I list in my logs -
> even though these logs are sent within 48 hours of the incidents.
>         The operator advised that I block the specific IP's that are
> attacking us at my perimeter. When I mentioned the fact that blocking
> individual addresses will only be as effective as the length of lease for
> that DHCP pool I get the email equivalent of a shrug.
>         "Well, maybe you want to ban our entire /15 at your perimeter..."
>         I'm reluctant to ban over 65,000 hosts as my staff have colleagues
> all over the continental US with whom they communicate regularly.
>         I realize these are tough times and that large ISP's may trim abuse
> team budgets before other things, but to have NO MECHANISM to audit who has
> what address at any given time kinda blows my mind.
>         Does one have to get to the level of a subpoena before abuse teams
> pull out the tools they need to make such a determination? Or am I naive
> enough to think port scans are as important to them as they are to me on the
> receiving end?
>
> --
> ********************************************************************
> Brett Charbeneau, GSEC Gold, GCIH Gold
> Network Administrator
> Williamsburg Regional Library
> 7770 Croaker Road
> Williamsburg, VA 23188-7064
> (757)259-4044          www.wrl.org
> (757)259-4079 (fax)    brett@wrl.org
> ********************************************************************
>
>
>