On Mar 15, 2009, at 1:20 AM, Charles Wyble wrote:
Can we please get this thread closed or something?
Maybe we should start the nanog-law mailing list.
Jim Popovitch wrote:
On Sat, Mar 14, 2009 at 23:17, Joe Greco jgr...@ns.sol.net wrote:
Looking around Rockefeller Center generally isn't
Marshall Eubanks wrote:
Maybe we should start the nanog-law mailing list.
Maybe we should stick to the operational Subject at hand: log retention?
Is there any disagreement that everybody SHOULD keep dynamic assignment logs
for at least 36 hours as a Best Current Practice?
Is there any
A finely tuned killfile that remains mostly static once defined works
wonders across all threads and fairly well.
Best,
Marty
On 3/15/09, Marshall Eubanks t...@multicasttech.com wrote:
On Mar 15, 2009, at 1:20 AM, Charles Wyble wrote:
Can we please get this thread closed or something?
On Sat, 14 Mar 2009 00:56:24 CDT, Ross said:
I know I won't be able to change your mind. Saying a company's business
decisions are antisocial just because they aren't doing what you want is very
unhelpful. I don't know how many large ISPs you have worked for but I'm
not sure if you understand
Vladis,
I'm not going to argue with you on a socio economic opinion that companies
who have stock holders are evil because they don't spend their funds where
they want you to and promote anti-social behavior by doing so. If you
think society's biggest problem is to stop port scanning then I hope
Ross wrote:
We can all improve in our operations, public shaming
for not dropping one's other duties to hand over information that you
aren't privileged to is a bit sad.
No one asked anyone to hand over information that they weren't
privileged to. Trying to publicly shame someone for asking
Joe,
I'll respond to you and this will be my last reply to this thread because
I know I won't be able to change your mind.
Yes, it's clear *you* won't be able to.
Saying a company's business
decisions are antisocial just because they aren't doing what you want is very
unhelpful.
Well, then,
On Sat, Mar 14, 2009 at 12:42 AM, Joe Greco jgr...@ns.sol.net wrote:
I have worked for large ISP's, I understand corporate budgets and
politics, and I'm smart enough to understand that corporate budgets and
politics do not define what is
On Wed, Mar 11, 2009 at 6:34 AM, Brett Charbeneau br...@wrl.org wrote:
I've been nudging an operator at Covad about a handful of hosts from
his DHCP pool that have been attacking - relentlessly port scanning - our
assets. I've been informed by this individual that there's no way to
On Sat, Mar 14, 2009 at 4:12 AM, Neil kngsp...@gmail.com wrote:
On Wed, Mar 11, 2009 at 6:34 AM, Brett Charbeneau br...@wrl.org wrote:
.
As William pointed out, it's the things that follow that determine whether
someone's being bad. To flag port-scans might be responsible, but I think
Once upon a time, Neil kngsp...@gmail.com said:
I think you are being a little naive. Port scans, while possibly used for
malicious ends, can very often be benign.
That sounds naive to me. From what I've seen, the number of malicious
scans is much greater than the number of benign scans. The
Chris Adams wrote:
Do you think Covad would respond to a DMCA complaint like that?
That's actually the one thing that would make sense of this - that they
*do* purge the logs fast enough that they could reply to a DMCA
complaint by saying sorry, we don't have logs.
The question is, in
And there's another name for 'casing the joint', it is 'looking around'.
Looking around generally isn't a crime. Neither is casing a joint, for that
matter. And like I suggested with port scanning, whether someone was
'looking around' or 'casing the joint' is really only determinable after
On Sat, Mar 14, 2009 at 23:17, Joe Greco jgr...@ns.sol.net wrote:
Looking around Rockefeller Center generally isn't a crime.
Looking around where you're in my back yard and peeking in the windows
is, at a minimum, trespass, and if our local cops notice you doing it, you
can expect that you
Can we please get this thread closed or something?
Jim Popovitch wrote:
On Sat, Mar 14, 2009 at 23:17, Joe Greco jgr...@ns.sol.net wrote:
Looking around Rockefeller Center generally isn't a crime.
Looking around where you're in my back yard and peeking in the windows
is, at a minimum,
On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco jgr...@ns.sol.net wrote:
Well most port scanning is from compromised boxes. Once a
box is compromised it can be used for *any* sort of attack.
If you really care about security you take reports of port
scans
Just wondering but the knowledge I have of DHCP is that an IP address is
assigned to the same computer (or host) and will continue to do so until the
pool of IP's is exhausted. Once that occurs, a new request is parsed by
the DHCP server and the oldest non-renewed lease address is checked to see
On Fri, 13 Mar 2009 13:57:56 CDT, Bobby Mac said:
That said, unless Covad is constantly exhausting its pool or they mandate
that after the lease expires to give a different IP a reverse lookup would
give you the hostname of the offender which should remain accurate for some
amount of time.
Um Aren't dsl addresses handed out over ipcp? So perhaps a bit more static
than dhcp?
Sent via BlackBerry from T-Mobile
-Original Message-
From: Bobby Mac bobby...@gmail.com
Date: Fri, 13 Mar 2009 13:57:56
To: nanog@nanog.org
Subject: Re: Dynamic IP log retention = 0?
Just
On Fri, Mar 13, 2009 at 2:15 PM, valdis.kletni...@vt.edu wrote:
After all, you didn't *really* care that the IP was assigned to
a computer belonging to Herman Munster, 1313 Mockingbird Lane. What you
actually *wanted* was for somebody (preferably Covad) to hand Herman a clue.
Yeah. I miss
Joe,
I'll respond to you and this will be my last reply to this thread because
I know I won't be able to change your mind. Saying a company's business
decisions are antisocial just because they aren't doing what you want is very
unhelpful. I don't know how many large ISPs you have worked for but I'm
How did a simple thread about network scanning get so derailed... we have
people talking about the legal implications of port scanning, hiring
lawyers to go after ISPs, talking to the fbi, the benefits/downfalls of
NAT as a security policy, etc. Wow just wow.
I'll try to answer you in a more
On Mar 12, 2009, at 12:25 AM, Ross wrote:
How did a simple thread about network scanning get so derailed... we have
people talking about the legal implications of port scanning, hiring
lawyers to go after ISPs, talking to the fbi, the benefits/downfalls of
NAT as a security policy, etc.
JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
Ross wrote:
There seems to be a big misconception that he asked them to hand over
the info. As I read the OP, he asked Comcast to do something about it
and Comcast said we can't do anything about it because we don't have
logs.
On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionists
valdis.kletni...@vt.edu wrote:
You *do* realize that "has a public address" does not actually mean that
the machine is reachable from random addresses, right? There *are* these
nice utilities called iptables and ipf - even Windows and Macs can be configured
to say "bugger off" to unwanted traffic.
On Thu, 12 Mar 2009, Glen Turner wrote:
William Allen Simpson wrote:
A telecommunications carrier releasing a customer's details without their
permission, to a non-investigatory third party, without a court order.
Hmmm. It's certainly illegal here in Australia. And last I checked wasn't
J. Oquendo wrote:
On Thu, 12 Mar 2009, Glen Turner wrote:
William Allen Simpson wrote:
A telecommunications carrier releasing a customer's details without their
permission, to a non-investigatory third party, without a court order.
Hmmm. It's certainly illegal here in Australia. And last I
In message 20090312120816.b...@egps.egps.com, N. Yaakov Ziskind writes:
JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
Ross wrote:
There seems to be a big misconception that he asked them to hand over
the info. As I read the OP, he asked Comcast to do something about it
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would think
people have more pressing issues, guess not.
--
Ross
ross [at] dillio.net
In
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them.
Yes, it's all a business decision. That kind of antisocial thinking is
the sort of thing that has allowed all manner of bad guys to remain
attached to the Internet.
Again, why worry about
Not to disagree with any of your points, but the OP (which you quoted!)
was talking about Covad, while you're bashing Comcast.
Any sufficiently advanced NANOG conversation is indistinguishable from
Comcast-bashing.
Rob
(Not agreeing, just observing.)
In message c229aa5b01749718e25f61ae579659a3.squir...@www.dillio.net, Ross writes:
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would
Well most port scanning is from compromised boxes. Once a
box is compromised it can be used for *any* sort of attack.
If you really care about security you take reports of port
scans seriously.
Yeahbut, the real problem is that port scanning is typically used as
part
N. Yaakov Ziskind wrote:
Not to disagree with any of your points, but the OP (which you quoted!)
was talking about Covad, while you're bashing Comcast.
Oops, my bad. Well, and Covad's bad too. :-)
jc
On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco jgr...@ns.sol.net wrote:
Well most port scanning is from compromised boxes. Once a
box is compromised it can be used for *any* sort of attack.
If you really care about security you take reports of port
scans seriously.
I think your next step is your lawyer. Put all your missives, your
email, your phone conversations, your logs, your auditing results, your
detection troubleshooting and sleuthing trails etc. in a folder, create
a one page summary including any damages you feel might have been caused
(e.g. time,
On Wed, 11 Mar 2009, Darden, Patrick S. wrote:
I think your next step is your lawyer. Put all your missives, your
email, your phone conversations, your logs, your auditing results, your
detection troubleshooting and sleuthing trails etc. in a folder, create
a one page summary including any
On 11-Mar-2009, at 10:03, Jon Lewis wrote:
but what's the point in getting lawyers involved?
It might convince some pointy-haired person at covad to review the
policies and procedures on the abuse desk, maybe.
Whatever access isn't supposed to be open should be filtered.
If you can
Brett Charbeneau wrote:
I've been nudging an operator at Covad about a handful of hosts from
his DHCP pool that have been attacking - relentlessly port scanning -
our assets.
Port scanning is rather common, and shouldn't be considered attacking --
unless it's taking a significant amount
On Wed, 11 Mar 2009, William Allen Simpson wrote:
WAS While I applaud your taking security seriously, and your active monitoring
WAS of your resources, other folks might be handling huge numbers of Conficker,
WAS Mebroot, and Torpig infections these days. So, they might be rather busy.
On Wed, 11 Mar 2009 10:28:33 -0400
Joe Abley jab...@hopcount.ca wrote:
On 11-Mar-2009, at 10:03, Jon Lewis wrote:
but what's the point in getting lawyers involved?
It might convince some pointy-haired person at covad to review the
policies and procedures on the abuse desk, maybe.
Covad telling you they don't keep logs is different from them not
really having the logs... but, if they really don't keep logs, they
are posing a risk that FBI or DHS might not be happy with. The feds
will probably be more persuasive than you, so maybe hinting them about
this situation may change
On Wed, 11 Mar 2009 12:42:40 -0300
Rubens Kuhl rube...@gmail.com wrote:
Covad telling you they don't keep logs is different from them not
really having the logs... but, if they really don't keep logs, they
are posing a risk that FBI or DHS might not be happy with. The feds
will probably be
On Wed, Mar 11, 2009 at 10:55:43AM -0400, Brett Charbeneau wrote:
On Wed, 11 Mar 2009, William Allen Simpson wrote:
WAS While I applaud your taking security seriously, and your active monitoring
WAS of your resources, other folks might be handling huge numbers of Conficker,
WAS Mebroot,
Hope you did that scan from covad. Lol. *ducks*
Sent via BlackBerry from T-Mobile
On Wed, 11 Mar 2009, Marcus Reid wrote:
MR A quick scan of the reverse mapping for your address space in DNS reveals
MR that you have basically your entire network on public addresses. No wonder
MR you're worried about portscans when the printer down the hall and the
MR receptionist's machine are
Jon Lewis wrote:
If port scans really bother you, then you should setup a system to detect
them, and regularly rebuild ACLs/null route lists/etc. to stop them in
near real time. AFAIK, Cisco sells such a product, as do other network
vendors
On Wed, Mar 11, 2009 at 12:57 PM, Alec Berry alec.be...@restontech.com wrote:
block in log quick from evil to any label evil
RFC 3514? :-)
--
Jeremy L. Gaddis
http://evilrouters.net/
William Allen Simpson wrote:
Port scanning is rather common, and shouldn't be considered attacking --
unless it's taking a significant amount of bandwidth.
Attempting to gain unauthorised access to a computing system is a crime in
most countries. Port scanning is a tool used to gain
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionist's machine are sitting on public addresses. I think you are
Joe Greco wrote:
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionist's machine are sitting on public addresses. I
On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that,
if we saw someone walking from house to house, trying doorknobs, we'd
call the cops. The fact that everyone has locks on their doors does
not make it all right for someone to go around
On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that,
if we saw someone walking from house to house, trying doorknobs, we'd
call the cops. The fact that everyone has locks on their doors does
not make it all right for someone to go
On Wed, Mar 11, 2009 at 6:27 PM, Peter Beckman beck...@angryox.com wrote:
On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that,
if we saw someone walking from house to house, trying doorknobs, we'd
call the cops. The fact that everyone