RE: Nimda virus and whois search...
Seriously, what is the appropriate term: owner, rentee, leaser ? Assignee? -=Francois=-
RE: Nimda virus and whois search...
Holder is a good name for the holders of IP addresses. Also, RAND can be very Reasonable without hurting the cause of freedom. But some people are not reasonable, but this is a different problem, and is unlikely to be resolved in our favour by reasonable people. Cheers...\Stef PS: If IP addresses are assignable, then someone must own (or hold) the rights to assign them, and to take the assignment back. So someone somewhere holds the ultimate rights to control them. At 09:28 -0400 01/10/01, Francois Menard wrote: Seriously, what is the appropriate term: owner, rentee, leaser ? Assignee? -=Francois=-
Re: Nimda virus and whois search...
On 30 Sep 2001, Franck Martin wrote: If there was some kind of standard, it would help fighting worms by informing IP owners that some machines have been infected. It would also help all Intrusion detection System to inform system administrator of potential attacks with a detailed report... There are some more advanced whois clients which have more knowledge on where to query and how, e.g. http://freshmeat.net/projects/whois/. That doesn't say, of course, that there wouldn't be any benefits from standardization... On the IDS front, I would not like to make the reporting too easy. I'm completely fed up with Top Notch IDS Products returning alarms on e.g. the following: - users running traceroute, on incomoing icmp time exceeded messages triggering an icmp flood detection - using a public ftp server, thus generating an ident query - using an smtp server, -- - etc. Most of times, these reports are sent by people who have no idea what is going on at all. Spamming operators with these kind of alarms shouldn't be encouraged. (b.t.w: is there a web page somewhere which lists and gives reasons/pointers to usual false alarms like listed above? It might be useful as a pointer). -- Pekka Savola Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
RE: Nimda virus and whois search...
I'm not considering it, unless it is REALLY justified. In my case I have a small bandwidth that I pay a lot (64kbps USD4500/month). People not patching their servers cost me a lot of money. In other hand, I think IDS software should report not only the problem, but also information to the human on how to tackle the problem. When you see a problem with an IP reported by IDS, then you have to investigate yourself (host, network,...). If it was done automatically for you then you would have information to take a decision: who to e-mail, what to e-mail, should I e-mail or call the FBI or do nothing,... Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: stanislav shalunov [mailto:[EMAIL PROTECTED]] Sent: Monday, 1 October 2001 3:55 To: Franck Martin Subject: Re: Nimda virus and whois search... Please seriously consider not sending automated email in this way. You're not making matters better by creating a storm of email messages in addition to an already existing storm of HTTP queries. Your response might be worse than the original problem. -- Stanislav Shalunov http://www.internet2.edu/~shalunov/ You wake me up early in the morning to tell me I am right? Please wait until I am wrong. -- John von Neumann, on being phoned at 10 a.m.
Re: Nimda virus and whois search...
On Sun, 30 Sep 2001 13:35:14 +0300, Pekka Savola said: - users running traceroute, on incomoing icmp time exceeded messages triggering an icmp flood detection - using a public ftp server, thus generating an ident query - using an smtp server, -- - etc. My personal pet peeve - getting complaints that one of my machines is scanning some user's machine with source port 123. Odd that the machine in question was the target of the CNAME 'ntp-2.vt.edu' ;) /Valdis
Re: Nimda virus and whois search...
* * While I was implementing a perl script to catch nimda virus on Apache * (www.digitalcon.ca/nimda/) and send an e-mail to the owner of the IP, I It will come as a great surprise to many people to learn that someone owns IP. At one point, some eager beavers in the US government thought they owned it, since they paid for its development. But cooler heads prevailed.. Bob Braden
RE: Nimda virus and whois search...
I know that nobody Owns an IP, it is like Owning water and oxygen. Althought we have water taxes but not yet oxygen taxes. It will come soon at the rate the World pollutes (nobody talk about the Toxic Texan anymore) Seriously, what is the appropriate term: owner, rentee, leaser ? Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: Bob Braden [mailto:[EMAIL PROTECTED]] Sent: Monday, 1 October 2001 3:33 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Nimda virus and whois search... * * While I was implementing a perl script to catch nimda virus on Apache * (www.digitalcon.ca/nimda/) and send an e-mail to the owner of the IP, I It will come as a great surprise to many people to learn that someone owns IP. At one point, some eager beavers in the US government thought they owned it, since they paid for its development. But cooler heads prevailed.. Bob Braden
RE: Nimda virus and whois search...
On Mon, 1 Oct 2001, Franck Martin wrote: I know that nobody Owns an IP, it is like Owning water and oxygen. Althought we have water taxes but not yet oxygen taxes. It will come soon at the rate the World pollutes (nobody talk about the Toxic Texan anymore) Seriously, what is the appropriate term: owner, rentee, leaser ? steward Main Entry: stew·ard·ship Pronunciation: 'stü-rd-ship, 'styü-; 'st(y)u(-)rd- Function: noun Date: 15th century 1 : the office, duties, and obligations of a steward 2 : the conducting, supervising, or managing of something; especially : the careful and responsible management of something entrusted to one's care stewardship of our natural resources Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: Bob Braden [mailto:[EMAIL PROTECTED]] Sent: Monday, 1 October 2001 3:33 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Nimda virus and whois search... * * While I was implementing a perl script to catch nimda virus on Apache * (www.digitalcon.ca/nimda/) and send an e-mail to the owner of the IP, I It will come as a great surprise to many people to learn that someone owns IP. At one point, some eager beavers in the US government thought they owned it, since they paid for its development. But cooler heads prevailed.. Bob Braden -- -- Joel Jaeggli [EMAIL PROTECTED] Academic User Services [EMAIL PROTECTED] PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E -- It is clear that the arm of criticism cannot replace the criticism of arms. Karl Marx -- Introduction to the critique of Hegel's Philosophy of the right, 1843.