[31860] in North American Network Operators' Group
Re: whois
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Tue Oct 24 09:48:43 2000
Message-ID: <39F5944C.520B0A4D@21rst-century.com>
Date: Tue, 24 Oct 2000 09:53:16 -0400
From: Marshall Eubanks <tme@21rst-century.com>
Reply-To: tme@21rst-century.com
MIME-Version: 1.0
To: bmanning@vacation.karoshi.com, nanog@nanog.org
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
bmanning@vacation.karoshi.com wrote:
>
> Er, begging to differ. Only when electrodes are implanted
> in people's brains and the activation circuits are accessible
> via paging (or something similar) will you get the types of
> response you think you want. Either that or if there is
> a business relationship w/ your "SWAT" team, e.g. they are
> paid to be at your beck/call on a 24/7/365 basis.

Are you really saying that if I tell you that a dial-up user on your network
hacked into my system at some precise time, from a precise IP address
(so that you could probably tell easily which user did it), and did so
in a fashion which suggested an automated "script kiddie" effort, I should
only expect a response from you if I PAY for it ?!?

This seems pretty close to the "protection" money that I hear people with
POP's in Moscow have to pay :)

(BTW, I said nothing about timeliness or 24x7 availability - a note a week
or two later would have sufficed.)

>
> > > The key to an anti-hacker ISP association would be
> > > a very special ip address / contact person lookup database.
> > > ie: who/how to contact for the 'SWAT' response for a particular IP
> > > address.
> > >
> > > --Mike--
> >
> > Hello;
> >
> > When we have had attacks such as root exploits, we have notified the
> > source (at least, the ISP hosting the immediate source) as to the date,
> > time, IP address, etc. (In one case, the attack appeared to come from a
> > dial-up address in Germany, so I thought we had them.) We have NEVER
> > received a response. From conversations at meetings, etc., I understand
> > that this is typical - almost universal - and that it would be naive to
> > expect other ISPs to actually do anything about being a source for attacks.
> >
> > Maybe a start would be to a BCP for some level of minimal response if
> > you source an attack, and a "web site of shame" listing those domains
> > that source attacks and do nothing about it when notified.
> >
--
Regards
Marshall Eubanks
Multicast Technologies, Inc.
10301 Democracy Lane, Suite 201
Fairfax, Virginia 22030
Phone : 703-293-9624 Fax : 703-293-9609
e-mail : tme@on-the-i.com http://www.on-the-i.com